six simple patches from dan

diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 5056fb1e96bab60af9ec8d042882a7399f753934..207db699e88302ee4cc09d11ec6b19e412346baa 100644 (file)
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -150,6 +150,7 @@ template(`mozilla_per_role_template',`
        corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
 
        dev_read_urand($1_mozilla_t)
+       dev_read_rand($1_mozilla_t)
        dev_write_sound($1_mozilla_t)
        dev_read_sound($1_mozilla_t)
        dev_dontaudit_rw_dri($1_mozilla_t)

diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 069ded0b09ca0af2bd5f22ca7c9f4c63edbe4e0a..305c1ccd9ba9aeb82c96fdc541fe95d38de31caf 100644 (file)
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
 
-policy_module(mozilla,1.2.0)
+policy_module(mozilla,1.2.1)
 
 ########################################
 #

diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 63563b100a32747ba88798075fd7372bfc694b9b..44b655be60f589095af9f596120cdf16a6bbedb7 100644 (file)
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -1,5 +1,5 @@
 
-policy_module(oddjob,1.2.0)
+policy_module(oddjob,1.2.1)
 
 ########################################
 #
@@ -27,7 +27,7 @@ files_pid_file(oddjob_var_run_t)
 # oddjob local policy
 #
 
-allow oddjob_t self:capability { audit_write setgid } ;
+allow oddjob_t self:capability setgid;
 allow oddjob_t self:process { setexec signal };
 allow oddjob_t self:fifo_file { read write };
 allow oddjob_t self:unix_stream_socket create_stream_socket_perms;

diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
index 046d5d7d75dfcafb927e7235e28720bdf080e77f..bbcd6c6fb9bd7bff35027051622e8c5bdf56af2e 100644 (file)
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@@ -11,5 +11,5 @@
 #
 # /var
 #
-/var/log/openvpn.*     --      gen_context(system_u:object_r:openvpn_var_log_t,s0)
-/var/run/openvpn.*     --      gen_context(system_u:object_r:openvpn_var_run_t,s0)
+/var/log/openvpn(/.*)?         gen_context(system_u:object_r:openvpn_var_log_t,s0)
+/var/run/openvpn(/.*)?         gen_context(system_u:object_r:openvpn_var_run_t,s0)

diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 47abf8f62fc5c05120bc1761179ea9d0c6e42c36..28b6f7618b948c64bc3eeb44e819b61a2c4c3cc7 100644 (file)
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
 
-policy_module(openvpn,1.2.0)
+policy_module(openvpn,1.2.1)
 
 ########################################
 #

diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index b8c25d836e67d8d763d834c2ccd2b66b4734f37c..005af7b7ac3d6781f2b892bbc5af24cffbb8bef0 100644 (file)
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
 
-policy_module(ppp,1.4.0)
+policy_module(ppp,1.4.1)
 
 ########################################
 #
@@ -155,7 +155,6 @@ domain_use_interactive_fds(pppd_t)
 
 files_exec_etc_files(pppd_t)
 files_manage_etc_runtime_files(pppd_t)
-files_etc_filetrans_etc_runtime(pppd_t, { dir file })
 files_dontaudit_write_etc_files(pppd_t)
 
 # for scripts
@@ -171,9 +170,9 @@ logging_send_syslog_msg(pppd_t)
 
 miscfiles_read_localization(pppd_t)
 
-sysnet_read_config(pppd_t)
 sysnet_exec_ifconfig(pppd_t)
 sysnet_manage_config(pppd_t)
+sysnet_etc_filetrans_config(pppd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(pppd_t)
 userdom_dontaudit_search_sysadm_home_dirs(pppd_t)

diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 5efbe4144a08b729cc5ad0784eed7aea8955ad0e..99090dbd36d8276daa1aa9472dcdbaa9b83b6204 100644 (file)
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -1,5 +1,5 @@
 
-policy_module(setroubleshoot,1.3.0)
+policy_module(setroubleshoot,1.3.1)
 
 ########################################
 #
@@ -28,7 +28,7 @@ files_pid_file(setroubleshoot_var_run_t)
 #
 
 allow setroubleshootd_t self:capability { dac_override sys_tty_config };
-allow setroubleshootd_t self:process { signal getattr getsched };
+allow setroubleshootd_t self:process { signull signal getattr getsched };
 allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
 allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
 allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };

diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index afcd774b6bdd10795e8411d8b75a5f68068122ef..7e5739998b7ad4b26abecd166d5a6e1a643b7c6d 100644 (file)
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
 
-policy_module(tftp,1.4.0)
+policy_module(tftp,1.4.1)
 
 ########################################
 #
@@ -69,6 +69,7 @@ libs_use_shared_libs(tftpd_t)
 logging_send_syslog_msg(tftpd_t)
 
 miscfiles_read_localization(tftpd_t)
+miscfiles_read_public_files(tftpd_t)
 
 sysnet_read_config(tftpd_t)
 sysnet_use_ldap(tftpd_t)