From: Dan Walsh
Date: Wed, 16 Nov 2011 15:49:01 +0000 (-0500)
Subject: Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
X-Git-Tag: 000~108
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=90c9629d17e156539c801f1fd2c445144fe8006e;p=people%2Fstevee%2Fselinux-policy.git

Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Conflicts:
	policy/modules/services/policykit.te
---
90c9629d17e156539c801f1fd2c445144fe8006e
diff --cc policy/modules/kernel/devices.te
index 1c2562cc,1c2562cc..2930d0fc
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@@ -225,6 -225,6 +225,9 @@@ files_mountpoint(sysfs_t
  fs_type(sysfs_t)
  genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
++type cpu_online_t;
++genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
++
  #
  # Type for /dev/tpm
  #
diff --cc policy/modules/services/policykit.te
index 885c619f,a16f7d77..c2771dd9
--- a/policy/modules/services/policykit.te
+++ b/policy/modules/services/policykit.te
@@@ -61,11 -57,7 +57,11 @@@ miscfiles_read_localization(policykit_d
  #
  allow policykit_t self:capability { dac_override dac_read_search setgid setuid };
 +tunable_policy(`deny_ptrace',`',`
 + allow policykit_t self:capability sys_ptrace;
 +')
 +
- allow policykit_t self:process { getscheda signal };
+ allow policykit_t self:process { getsched signal };
  allow policykit_t self:unix_dgram_socket create_socket_perms;
  allow policykit_t self:unix_stream_socket { create_stream_socket_perms connectto };
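Review bot: In the policy/modules/kernel/devices.te hunk, the `cpu_online_t` declaration and its `genfscon` line are introduced by the merge itself rather than by either branch: `index 1c2562cc,1c2562cc..2930d0fc` shows both parents with the same blob, and devices.te is not in the Conflicts list. A labeling change made inside a merge is skipped by history views that do not show merge diffs, so it should land as its own commit with a message explaining it. The type is also declared bare, with no attribute macro and no comment, while `sysfs_t` directly above gets `fs_type(sysfs_t)`; I would add a header comment such as `# Type for /sys/devices/system/cpu/online` in the style of the `/dev/tpm` block below. Access rules for domains that read this file once it leaves `sysfs_t` are not visible in this hunk and should be confirmed.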
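Review bot: In the policy/modules/services/policykit.te hunk, the `tunable_policy` block kept by the conflict resolution has an empty true-branch and puts `allow policykit_t self:capability sys_ptrace;` in the else-branch, so the capability is granted whenever the `deny_ptrace` boolean is off, and the block carries no comment saying so. That inverted shape is easy to misread as a grant that needs the boolean enabled. I would put a comment above it, for example `# sys_ptrace is granted unless the deny_ptrace boolean is enabled`, and state there why policykit_t needs the capability, which the hunk does not show. The default value of the boolean is defined outside this hunk and decides whether the rule is active on a stock install.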