diff --git a/policy-20080710.patch b/policy-20080710.patch
index 6f3aa51..87504bc 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -1869,7 +1869,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if
 ##
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.5.13/policy/modules/apps/awstats.te
 --- nsaserefpolicy/policy/modules/apps/awstats.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-03-27 14:17:48.000000000 +0100
 @@ -47,6 +47,8 @@
 # e.g. /usr/share/awstats/lang/awstats-en.txt
 files_read_usr_files(awstats_t)
@@ -1879,6 +1879,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.
 libs_read_lib_files(awstats_t)
 libs_use_ld_so(awstats_t)
 libs_use_shared_libs(awstats_t)
+@@ -55,6 +57,8 @@
+
+ sysnet_dns_name_resolve(awstats_t)
+
++logging_read_generic_logs(awstats_t)
++
+ apache_read_log(awstats_t)
+
+ optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.5.13/policy/modules/apps/ethereal.fc
 --- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-10-17 14:49:14.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/apps/ethereal.fc 2009-02-10 15:07:15.000000000 +0100
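Review bot: The added `logging_read_generic_logs(awstats_t)` in awstats.te (inner hunk `@@ -55,6 +57,8 @@`) lets the awstats domain read every generically labeled log, which is far wider than the `apache_read_log(awstats_t)` grant beside it. Those logs can carry authentication and system messages, and awstats output is normally served through the web server, so a compromised or misconfigured awstats would expose more than httpd logs. The rule has no stated reason; I would add a comment above it, for example `# needed when awstats is pointed at non-httpd logs that keep the generic log label`, if that is indeed the reason, and consider putting the rule behind a boolean so it is off by default. The rest of awstats.te is outside the hunk.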
@@ -15964,6 +15973,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 + xserver_rw_xdm_xserver_shm(unconfined_dbusd_t)
 + ')
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.5.13/policy/modules/services/dcc.fc
+--- nsaserefpolicy/policy/modules/services/dcc.fc 2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/dcc.fc 2009-03-27 15:03:55.000000000 +0100
+@@ -10,6 +10,7 @@
+ /usr/libexec/dcc/dccifd -- gen_context(system_u:object_r:dccifd_exec_t,s0)
+ /usr/libexec/dcc/dccm -- gen_context(system_u:object_r:dccm_exec_t,s0)
+
++/var/lib/dcc(/.*)? gen_context(system_u:object_r:dcc_var_t,s0)
+ /var/dcc(/.*)? gen_context(system_u:object_r:dcc_var_t,s0)
+ /var/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.5.13/policy/modules/services/dcc.if
 --- nsaserefpolicy/policy/modules/services/dcc.if 2008-10-17 14:49:11.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/services/dcc.if 2009-02-10 15:07:15.000000000 +0100
@@ -18199,7 +18219,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
 optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.5.13/policy/modules/services/lircd.fc
 --- nsaserefpolicy/policy/modules/services/lircd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/lircd.fc 2009-03-23 11:39:14.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/lircd.fc 2009-03-27 14:57:13.000000000 +0100
 @@ -0,0 +1,9 @@
 +
 +/dev/lircd -s gen_context(system_u:object_r:lircd_sock_t,s0)
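Review bot: The new `/var/lib/dcc(/.*)?` entry in dcc.fc labels the whole tree `dcc_var_t`, but the more specific rule visible for the old location, `/var/dcc/map -- ...dcc_client_map_t`, has no `/var/lib/dcc` counterpart in this hunk. If the map file now lives under /var/lib/dcc, it would take the broad type after a relabel and the rules written for `dcc_client_map_t` would no longer apply to it. The same would hold for any other specifically typed `/var/dcc/...` entries further down dcc.fc, which is outside the hunk. Consider adding `/var/lib/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)` next to the new line.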
@@ -18316,8 +18336,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.5.13/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-03-22 16:10:02.000000000 +0100
-@@ -0,0 +1,53 @@
++++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-03-27 14:56:59.000000000 +0100
+@@ -0,0 +1,60 @@
 +policy_module(lircd,1.0.0)
 +
 +########################################
@@ -18364,12 +18384,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
 +manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t)
 +dev_filetrans(lircd_t, lircd_sock_t, sock_file )
 +
++files_read_etc_files(lircd_t)
++
++files_list_var(lircd_t)
++files_manage_generic_locks(lircd_t)
++files_read_all_locks(lircd_t)
++
 +logging_send_syslog_msg(lircd_t)
 +
 +libs_use_ld_so(lircd_t)
 +libs_use_shared_libs(lircd_t)
 +miscfiles_read_localization(lircd_t)
 +
++permissive lircd_t;
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.5.13/policy/modules/services/lpd.fc
 --- nsaserefpolicy/policy/modules/services/lpd.fc 2008-10-17 14:49:11.000000000 +0200
@@ -18842,7 +18869,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 -#')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.5.13/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/mta.if 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/mta.if 2009-03-27 13:19:43.000000000 +0100
 @@ -133,6 +133,15 @@
 sendmail_create_log($1_mail_t)
 ')
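Review bot: `permissive lircd_t;` at the end of the new lircd.te (hunk `@@ -18364,12 +18384,19 @@`) means none of the rules in this module are enforced for lircd: denials are logged but allowed, so the daemon is effectively unconfined while the line stays. That is reasonable while a new policy is being tuned, but it should not ship unmarked; add a comment on the line saying why it is there and when it goes, e.g. `# TODO: drop once AVCs from testing are folded into the policy`. In the same hunk, `files_manage_generic_locks(lircd_t)` together with `files_read_all_locks(lircd_t)` is broad for a daemon that probably needs only its own lock file. A dedicated lock type would be tighter, though the hunk does not show which files lircd actually touches.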
@@ -18981,6 +19008,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## Create, read, write, and delete ## mail queue files. ## +@@ -909,6 +964,7 @@ + + files_search_spool($1) + manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t) ++ manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t) + ') + + ####################################### diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.5.13/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2008-10-17 14:49:11.000000000 +0200 +++ serefpolicy-3.5.13/policy/modules/services/mta.te 2009-02-10 15:07:15.000000000 +0100 @@ -28326,7 +28361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-10-17 14:49:11.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-17 16:50:53.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-27 16:44:52.000000000 +0100 @@ -21,16 +21,24 @@ gen_tunable(spamd_enable_home_dirs, true) @@ -28510,7 +28545,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam ') optional_policy(` -@@ -211,5 +261,137 @@ +@@ -211,5 +261,141 @@ ') optional_policy(` @@ -28639,6 +28674,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') + +optional_policy(` ++ spamass_milter_manage_state(spamc_t) ++') ++ ++optional_policy(` + postfix_rw_local_pipes(spamc_t) +') + 
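Review bot: The interface changed at inner hunk `@@ -909,6 +964,7 @@` of mta.if now also grants `manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)`, so every caller can create and remove directories in the mail queue, not only files. The summary visible just above it in the patch still reads "Create, read, write, and delete mail queue files"; assuming that summary belongs to this interface (its header is outside the hunk), it should become `## Create, read, write, and delete mail queue files and directories.` Because the widening applies to every domain that calls the interface, the callers are worth a look to confirm each one needs directory management.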
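Review bot: `spamass_milter_manage_state(spamc_t)` (hunk `@@ -28639,6 +28674,10 @@`, spamassassin.te) gives the spamc domain create, write and delete rights on the milter's state files. The neighbouring grant is only `postfix_rw_local_pipes(spamc_t)`. spamc handles untrusted mail content, so the grant should be no wider than needed; if spamc only reads or appends to existing state, a narrower interface would be the better fit. If full manage access is required, say why in a comment inside the `optional_policy` block, for example `# spamc started by spamass-milter creates its working files in the milter state dir`, provided that is the actual reason.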
@@ -35190,7 +35229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.13/policy/modules/system/sysnetwork.fc --- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.fc 2009-03-23 16:28:46.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.fc 2009-03-27 15:20:43.000000000 +0100 @@ -11,15 +11,24 @@ /etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0) /etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0) @@ -35214,7 +35253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +/etc/sysconfig/networking/profiles/.*/hosts -- gen_context(system_u:object_r:net_conf_t,s0) +/etc/sysconfig/network-scripts(/.*)? gen_context(system_u:object_r:net_conf_t,s0) +/etc/sysconfig/networking/profiles(/.*)? gen_context(system_u:object_r:net_conf_t,s0) -+ ++/etc/sysconfig/networking/devices(/.*)? gen_context(system_u:object_r:net_conf_t,s0) ') #