++##
++## Ignore vbetool mmap_zero errors.
++##
++##
++gen_tunable(vbetool_mmap_zero_ignore, false)
++
+ type vbetool_t;
+ type vbetool_exec_t;
+ init_system_domain(vbetool_t, vbetool_exec_t)
+@@ -25,12 +32,22 @@
dev_rw_xserver_misc(vbetool_t)
dev_rw_mtrr(vbetool_t)
@@ -2875,6 +2889,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
term_use_unallocated_ttys(vbetool_t)
+ miscfiles_read_localization(vbetool_t)
+
++tunable_policy(`vbetool_mmap_zero_ignore',`
++ dontaudit vbetool_t self:memprotect mmap_zero;
++')
++
+ optional_policy(`
+ hal_rw_pid_files(vbetool_t)
+ hal_write_log(vbetool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.7.19/policy/modules/admin/vpn.if
--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 20:44:37.000000000 +0200
+++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 09:41:59.968610889 +0200
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 96801d2..7dde793 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.19
-Release: 61%{?dist}
+Release: 62%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
%endif
%changelog
+* Fri Sep 24 2010 Miroslav Grepl