-policy_module(apm, 1.9.1)
+policy_module(apm, 1.9.2)
########################################
#
libs_exec_lib_files(apmd_t)
logging_send_syslog_msg(apmd_t)
+logging_send_audit_msgs(apmd_t)
miscfiles_read_localization(apmd_t)
miscfiles_read_hwdata(apmd_t)
-policy_module(audioentropy, 1.5.0)
+policy_module(audioentropy, 1.5.1)
########################################
#
# and sample rate.
dev_write_sound(entropyd_t)
+files_read_etc_files(entropyd_t)
+files_read_usr_files(entropyd_t)
+
fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t)
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
userdom_dontaudit_search_user_home_dirs(entropyd_t)
+optional_policy(`
+ alsa_read_lib(entropyd_t)
+ alsa_read_rw_config(entropyd_t)
+')
+
optional_policy(`
seutil_sigchld_newrole(entropyd_t)
')
-policy_module(bitlbee, 1.1.1)
+policy_module(bitlbee, 1.1.2)
########################################
#
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
+kernel_read_system_state(bitlbee_t)
+
corenet_all_recvfrom_unlabeled(bitlbee_t)
corenet_udp_sendrecv_generic_if(bitlbee_t)
corenet_udp_sendrecv_generic_node(bitlbee_t)
files_search_spool($1)
manage_dirs_pattern($1, print_spool_t, print_spool_t)
manage_files_pattern($1, print_spool_t, print_spool_t)
+ manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
')
########################################
-policy_module(lpd, 1.11.2)
+policy_module(lpd, 1.11.3)
########################################
#
-policy_module(portreserve, 1.0.0)
+policy_module(portreserve, 1.0.1)
########################################
#
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
+corenet_all_recvfrom_unlabeled(portreserve_t)
+corenet_all_recvfrom_netlabel(portreserve_t)
corenet_tcp_bind_generic_node(portreserve_t)
corenet_udp_bind_generic_node(portreserve_t)
-corenet_tcp_bind_all_reserved_ports(portreserve_t)
-corenet_udp_bind_all_reserved_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_udp_bind_all_ports(portreserve_t)
files_read_etc_files(portreserve_t)
-policy_module(privoxy, 1.8.2)
+policy_module(privoxy, 1.8.3)
########################################
#
# Declarations
#
+## <desc>
+## <p>
+## Allow privoxy to connect to all ports, not just
+## HTTP, FTP, and Gopher ports.
+## </p>
+## </desc>
+gen_tunable(privoxy_connect_any, false)
+
type privoxy_t; # web_client_domain
type privoxy_exec_t;
init_daemon_domain(privoxy_t, privoxy_exec_t)
files_read_etc_files(privoxy_t)
+auth_use_nsswitch(privoxy_t)
+
logging_send_syslog_msg(privoxy_t)
miscfiles_read_localization(privoxy_t)
-sysnet_dns_name_resolve(privoxy_t)
-
userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
userdom_dontaudit_search_user_home_dirs(privoxy_t)
# cjp: this should really not be needed
userdom_use_user_terminals(privoxy_t)
-optional_policy(`
- nis_use_ypbind(privoxy_t)
-')
-
-optional_policy(`
- nscd_socket_use(privoxy_t)
+tunable_policy(`privoxy_connect_any',`
+ corenet_tcp_connect_all_ports(privoxy_t)
+ corenet_sendrecv_all_client_packets(privoxy_t)
')
optional_policy(`
-policy_module(sasl, 1.11.2)
+policy_module(sasl, 1.11.3)
########################################
#
optional_policy(`
kerberos_keytab_template(saslauthd, saslauthd_t)
+ kerberos_manage_host_rcache(saslauthd_t)
')
optional_policy(`
mysql_stream_connect(saslauthd_t)
')
+optional_policy(`
+ nis_authenticate(saslauthd_t)
+')
+
optional_policy(`
seutil_sigchld_newrole(saslauthd_t)
')