* Wed Apr 24 2013 Chris PeBenito - 2.20130424 Chris PeBenito (18): Rewrite of mcelog module from Guido Trentalancia Remove unnecessary lines in mcelog.te. Slight rearrangement in mcelog.te. Module version bump for mcelog update from Guido Trentalancia. Module version bump for ntp module fixes from Dominick Grift. Module version bump for fc substitutions optimizations from Sven Vermeulen. Module version bump for postfix/mta misc fixes from Sven Vermeulen. Module version bump for init_daemon_run_dirs usage from Sven Vermeulen. Turn off all tunables by default, from Guido Trentalancia. Module version bump for tunable default change. Module version bump for saslauthd tcp mysql connections from Mika Flueger. Move kernel request line in quota. Module version bump for quota kernel module request from Mika Pflueger. Module version bump for djbdns ports fixes from Russell Coker. Remove stray + in keystone.te. Whitespace fixes in cron.fc. Module version bump for pulseaudio type_transition conflict fix from Sven Vermeulen. Bump module versions for release. Dominick Grift (889): Initial BIRD Internet Routing Daemon policy oident daemon fixes Introduce ntp_conf_t Allow ntp_admin() to manage ntp_drift_t content. List etc_t directories Use "Role allowed access." for consistency Use permissions sets for compatibility. Remove getattr permision from ntp_admin() Initial Sensord policy module Various block_suspend capability2 support from Fedora Gitolite3 support from Fedora /var/lib/sqlgrey is greylist milter data from Fedora Terminal related fixes for plymouthd from Fedora Support block_suspend capability2 for plymouth Support minimal polkit in new location Support ldap for user authentication from Fedora Sanlock sends kill signals to non-root processes from Fedora Various other capabilities for sanlock from Fedora Initial support for sqlgrey from Fedora Tor reads network sysctls from Fedora GPG agent reads /dev/random from Fedora Freshclam reads system and network state from Fedora Execute wpa_cli in the NetworkManager_t domain for wicd from Fedora lpstat.cups reads fips_enabled from Fedora Initial system tap compile server policy module Systemtap server admin manages stapserver_var_lib_t content Telepathy Idle reads gschemas.compiled from Fedora Initial slpd policy module Initial lightsquid policy module Initial wdmd policy module Initial mailscanner policy module and some depencies. Support slpd log rotation Initial numad policy module Open log files for append only CGClear reads CGConfig files from Fedora Cosmetic changes to cgroup policy module File contexts of cgroup app executables files in /sbin also apply to /usr/sbin Make cgroup_admin() a bit more compact Initial svnserve policy module Various small changes to ucspitcp Initial fcoe policy module Initial lldpad policy module fcoemon sends to lldpad with a dgram socket Initial quantum policy module Initial dspam policy module Module version bump for Telepathy file context spec fixes from Laurent Bigonville. Initial isns policy module Various changes to tcs policy module Initial ctdb policy module Various changes to the sblim policy module and its dependencies Initial polipo policy module Module version bump for networkmanager fixes Fixes to the polipo policy module Module version bump for smartmon fixes from Laurent Bigonville. Module version bump for accountsd file context spec fix from Laurent Bigonville. Various changes to the raid module Module version bump for rtkit file context spec fix from Laurent Bigonville Initial couchdb policy module Changes to the bind policy module Initial dnssectrigger policy module Initial man2html policy module Initial openhpi policy module Bind sends/receives http server instead of client packets conditionally Two file context regular expression fixes by Eric Paris Type mdadm_t is no longer a unconfined type Initial pkcs policy module Initial cfengine policy module Initial keystone policy module Initial l2tp policy module Initial mongodb policy module cfengine whitespace cleanup Changes to the accountsservice policy module Changes to the acct policy module Changes to the ada policy module changes to the afs policy module Changes to the accountsservice policy module Changes to the aiccu policy module Changes to the aide policy module Syntax error in afs_admin() Changes to the aisexec policy module Changes to the alsa policy module Changes to the amanda policy module Changes to the amavisd policy module and relevant dependencies Changes to the amtu policy module Changes to the anaconda policy module Changes to the abrt policy module and relevant dependencies numad sends/receives msgs from Fedora Amtu executable file in installed in /usr/sbin in Fedora The (usr/)? expression does not work consistently so better not use it at all Changes to the httpd policy module Merge branch 'master' of ssh://dgrift@oss.tresys.com/home/git/refpolicy-contrib Fixes to the apache policy module and dependencies Changes to the apcupsd policy module Role attributes for lightsquid application domain Changes to the mailscanner module Changes to the svnserve policy module Changes to the quantum policy module Changes to the dspam module Changes to the ctdb policy module Changes to the couchdb policy module Changes to the openhpid policy module Changes to the keystone policy module Changes to the l2tp policy module Changes to the apm module and relevant dependencies Changes to the arpwatch policy module Changes to the apcupsd policy module Changes to the abrt policy module Changes to the apache policy module Changes to the asterisk policy module and dependencies Changes to the authbind policy module Changes to the automount policy module Change acpid lock file context spec Changes to the avahi policy module and dependencies Changes to the awstats policy module Changes to the bacula policy module Changes to the bcfg2 policy module Changes to the apt policy module Changes to the apache policy module Changes to the backup module Changes to the bind policy module Bird module clean up Fix arpwatch connected_stream_socket_perms Changes to the bitlbee policy module Changes to the blueman policy module Changes to the bluetooth policy module Changes to the brctl policy module Changes to the apache policy module Changes to the bugzilla policy module Changes to the calamaris policy module Implement lightsquid_admin() Changes to the apache policy module and dependencies Initial boinc policy module Initial callweaver policy module Changes to the canna policy module Changes to the ccs policy module Changes to the cdrecord policy module Changes to the certmaster policy module and various role attribute fixes cdrecord needs to read and write callers unix domain stream socket not create it Changes to the certmonger policy module and its dependencies Initial cachefilesd policy module Changes to the certwatch policy module Changes to the chronyd policy module Changes to the cipe policy module Changes to the clamav policy module Various network clean up Add dev_rw_cachefiles() to cachefilesd policy module Changes to the clockspeed policy module Changes to the clogd policy module Changes to the cmirrord policy module Changes to the cobbler policy module Changes to the colord policy module Changes to the comsat policy module Initial collectd policy module Initial condor policy module and relevant dependencies Changes to the consolekit policy module and relevant dependencies Changes to the corosync policy module and relevant dependencies Clean up couchdb network rules Changes to the courier policy module Changes to the cpucontrol policy module Changes to the cpufreqselector policy module Changes to the cron policy module and relevant dependencies Changes to the cups policy module and relevant dependencies Changes to the cvs policy module Remove redundant connect avperms Changes to the cyphesis policy module Remove redundant rules from apache_admin() Changes to the cyrus policy module Changes to the daemontools policy module Changes to the dante policy module Modify dbadm boolean descriptions Changes to the dbus policy module and its dependencies Changes to the dcc policy module Changes to the ddclient policy module Changes to the ddcprobe policy module Changes to the denyhosts policy module Changes to the devicekit policy module and relevant dependencies Changes to the dhcpd policy module Changes tothe dictd policy module Changes to the discc policy module Changes to the djbdns policy module Changes to the dkim policy module Changes to the dmidecode policy module Module bump for Laurent Bigonville trousers init script file context specification fix Module bump for Laurent Bigonville libvirt init script file context specification fix Changes to the dnsmasq policy module and relevant dependencies Changes to the dovecot policy module Changes to the dpkg policy module Changes to the entropyd policy module Changes to the evolution policy module Changes to the exim policy module and relevant dependencies Changes to the cron policy module Changes to the fail2ban policy module fcoemon XML clean up Changes to the fetchmail policy module Changes to the fingerd policy module Initial firewalld policy module Changes to the firstboot policy module Changes to the fprint policy module and relevant dependencies Changes to the ftp module Changes to the games policy module Clean up evolution and cdrecord XML Changes to the gatekeeper policy module Changes to the gift policy module Changes to the git policy module Changes to the gitosis policy module Changes to the glance policy module Initial glusterfs policy module Add gatekeeper newline Deprecate glusterd_admin() use glusterfs_admin() instead Portage module version bump for autofs support by Matthew Thode and clean up cfengine: This location is now labeled with a cfengine private type Changes to the slpd policy module Changes to the gnomeclock policy module and relevant dependencies Changes to the gpg policy module Changes to the gpm policy module Changes to the gpsd policy module and relevant dependencies changes to the guest policy module Changes to the gnomeclock policy module Deprecate various DBUS interfaces and relevant dependencies Changes to the cachefilesd policy module Remove file context specification for kgpg which is a GUI frontend to GPG. Domain transition to gpg_t will happen when kgpg runs gpg. (rhbz#862229) Initial mandb policy module Changes to the hadoop policy module Changes to the hald policy module Changes to the hddtemp policy module Changes to the howl policy module changes to the mandb policy module Changes to the dbus policy module Changes to the rpm policy module Changes to the i18n_input policy module Changes to the icecast policy module Changes to the ifplugd policy module Changes to the imaze policy module Changes to the inetd policy module and relevant dependencies Changes to the innd policy module Changes to the irc policy module Changes to the ircd policy module Changes to the irc policy module Changes to the dbus policy module Changes to the avahi policy module Changes to the bluetooth policy module Changes to the aiccu policy module Changes to the bacula policy module Changes to the boinc policy module Changes to the bugzilla policy module Changes to the ccs policy module Changes to the clamav policy module Changes to the cobbler policy module Changes to the cyphesis policy module Changes to the dante policy module Changes to the dbskk policy module Changes to the ddclient policy module Changes to the denyhosts policy module Changes to the dnssectrigger policy module Changes to the dovecot policy module Changes to the drbd policy module Changes to the evolution policy module Changes to the fail2ban policy module Changes to the firewalld policy module Changes to the firstboot policy module Changes to the games policy module Changes to the gift policy module Changes to the glance policy module Changes to the hald policy module Changes to the dbus policy module Changes to the git policy module Changes to the polipo policy module Changes to the firewalld policy module Changes to the gpg policy module Tab clean up in ircbalance file context file Changes to the irqbalance policy module Tab clean up in iscsi file context file Changes to the iscsi policy module Tab clean up in jabber file context file Changes to the jabberd policy module Changes to the pyicqt policy module Tab clean up in java file context file Changes to the java policy module Changes to the dbus policy module Changes to the gnome policy module Changes to the apache policy module Changes to the accountsd policy module Changes to the alsa policy module Changes to the evolution policy module Changes to the bluetooth policy module Changes to the games policy module Changes to the gift policy module Changes to the gpg policy module Changes to the hadoop policy module Tab clean up in kdump file context file Changes to the kdump policy module Changes to the gpg policy module Changes to the dbus policy module Changes to the evolution policy module Changes to the gpm policy module Version bump for evolution file context fixes by Laurent Bigonville Version bump for nut file context fixes by Laurent Bigonville Changes to the kdumpgui policy module Tab clean up in kerberos file context file Changes to the kerberos policy module and relevant dependencies Changes to the kerneloops policy module Tab clean up in kerberos file context file Changes to the kismet policy module Clean up amavis XML header Initial keyboardd policy module Tab clean up in ksmtuned file context file Changes to the ksmtuned policy module Tab clean up in ktalk file context file Changes to the ktalk policy module Changes to the kudzu policy module Initial iodine policy module Initial dirmngr policy module Changes to the iodine policy module Changes to the kerberos policy module Changes to the kdumpgui policy module Update deprecated interface calls ( gnome_read_config -> gnome_read_generic_home_content ) Changes to the mozilla policy module Changes to the thunderbird policy module Changes to the l2tp policy module Tab clean up in ldap file context file Changes to the ldap policy module Tab clean up in likewise file context file Changes to the likewise policy module Tab clean up in lircd file context file Changes to the lircd policy module Changes to the livecd policy module Tab clean up in loadkeys file context file Changes to the loadkeys policy module and relevant dependencies Tab clean up in lockdev file context file Changes to the lockdev policy module Tab clean up in logrotate file context file Changes to the logrotate policy module and relevant dependencies Tab clean up in logwatch file context file Changes to the logrotate policy module Changes to the logwatch policy module Tab clean up in lpd file context file Changes to the lpd policy module Tab clean up in cron policy module Changes to the lpd policy module Changes to the consolekit policy module Tab fix in cron policy module Tab clean up in mailman file context file Changes to the mailman policy module and relevant dependencies Tab clean up in mcelog file context file Changes to the mcelog policy module Tab clean up in mediawiki file context file Mediawiki XML clean up Tab clean up in memcached file context file Changes to the memcached policy module Changes to the apache policy module Tab clean up in milter file context file Changes to the milter policy module and relevant dependencies Changes to the modemmanager policy module Tab clean up in mojomojo file context file Changes to the mojomojo policy module and relevant dependencies Changes to the gpg policy module Changes to the mongodb policy module Changes to the mono policy module Changes to the monop policy module Tab clean up in mozilla file context file Changes to the mozilla policy module and relevant dependencies Changes to the mozilla policy module Changes to the apache policy module Tab clean up in mpd file context file Changes to the mpd policy module Tab clean up in mplayer file context file Changes to the evolution policy module Changes to the mplayer policy module Changes to the irc policy module Tab clean up in mrtg file context file Changes to the mrtg policy module Tab clean up in mta file context file Changes to the mta policy module and relevant dependencies Changes to the mta policy module and relevant dependencies Get rid of mozilla_conf_t as it is unused Changes to the logrotate policy module Changes to the logwatch policy module Changes to the java policy module Changes to the apache module and relevant dependencies Tab clean up in munin file context file Changes to the munin policy module and relevant dependencies Tab clean up in mysql file context file Changes to mysqld policy module Changes to various policy modules Changes to the munin policy module Changes to the dovecot policy module Changes to various policy modules Changes to the mta policy module Changes to the certmonger policy module and relavant dependencies Tab clean up in nagios file context file Changes to the nagios policy module and relevant dependencies Changes to the modutils policy module Tab cleanup in the nessus file context file Changes to the nessus policy module Tab clean up in the network manager file context file Changes to the networkmanager policy module and relevant dependencies Changes to the mozilla policy module Changes to the cobbler policy module Initial rngd policy module Tab clean up in the nis file context file Changes to the nis policy module Tab clean up in the nscd file context file Changes to the nscd policy module Tab clean up in the nsd file context file Changes to the nsd policy module Tab clean up in the nslcd file context file Changes to the nslcd policy module Tab clean up in the ntop file context file Changes to the ntop policy module Tab clean up in the ntp file context file Changes to the ntp policy module Changes to the numad policy module Tab clean up in the nut file context file Changes to the nut policy module Tab clean up in the nx file context file Changes to the nx policy module Changes to the oav policy module Initial obex policy module Tab clean up in the oddjob file context file Tab clean up in gpg policy module Changes to the oddjob policy module Changes to the mozilla policy module Initial pacemaker policy module Tab clean up in the oidentd file context file Changes to the oident policy module Tab clean up in the openca file context file Changes to the openca policy module Tab clean up in the openct file context file Changes to the openct policy module Tab clean up in the openvpn file context file Changes to the openvpn policy module Tab clean up in the pads file context file Changes to the pads policy module Tab clean up in the passenger file context file Changes to the passenger policy module and relevant dependencies Tab clean up in the pcmcia file context file Changes to the pcmcia policy module Tab clean up in the pcscd file context file Changes to the pcscd policy module and relevant dependencies Tab clean up in the pegasus file context file Changes to the pegasus policy module Tab clean up in the perdition file context file Changes to the perdition policy module Tab clean up in the pingd file context file Changes to the pingd policy module Changes to the plymouthd policy module Changes to the mozilla policy module Changes to the plymouth policy module Tab clean up in the podsleuth file context file Changes to the podsleuth policy module Tab clean up in the policykit file context file Changes to the policykit policy module and relevant dependencies Tab clean up in the portage file context file Changes to the portage policy module Tab clean up in the portmap file context file Changes to the portmap policy module Tab clean up in the portreserve file context file Changes to the portreserve policy module Tab clean up in the portslave file context file Changes to the portslave policy module and relevant dependencies Tab clean up in the postfix file context file Changes to the postfix policy module and relevant dependencies Fixes to various policy modules Tab clean up in the postfixpolicyd file context file Changes to the postfixpolicyd policy module Tab clean up in the postgrey file context file Changes to the postgrey policy module Tab clean up in the ppp file context file Changes to the ppp policy module and relevant dependencies Tab clean up in the prelink file context file Changes to the prelink policy module and relevant dependencies Tab clean up in the prelude file context file Changes to the prelude policy module Tab clean up in the privoxy file context file Changes to the privoxy policy module Tab clean up in the procmail file context file Changes to the procmail policy module Tab clean up in the psad file context file Changes to the psad policy module Changes to the ptchown policy module Tab clean up in the publicfile file context file Changes to the publicfile policy module Fix a fatal syntax error in mozilla_plugin_role() Changes to the plymouth policy module Changes to the policykit policy module Module version bump for fixes in shorewall, fail2ban and portage policy modules by Sven Vermeulen Tab clean up in the puppet file context file Changes to ther puppet policy module and relevant dependencies Initial pwauth policy module Tab clean up in the pxe file context file Changes to the pxe policy module Tab clean up in the pyzor file context file Changes to the pyzor policy module Tab clean up in the qemu file context file Changes to the qemu policy module Tab clean up in the virt file context file Changes to the virt policy module and relevant depedencies Changes to the virt policy module Changes to the cron policy module Changes to the qemu policy module Changes to the virt policy module Epylog wants sys_nice and setsched Tab clean up in the qmail file context file Changes to the qmail policy module Tab clean up in the qpid file context file Changes to the qpid policy module Tab clean up in the quota file context file Changes to the quota policy module and relevant dependencies Initial rabbitmq policy module Tab clean up in the radius file context file Changes to the radius policy module Tab clean up in the radvd file context file Changes to the radvd policy module Changes to the raid policy module Tab clean up in the razor file context file Changes to the razor policy module and relevant dependencies Smokeping cgi needs to run ping with a domain transition Remove redundant socket create already provided by sysnet_dns_name_resolve() Changes to the virt policy module Changes to the apache policy module Changes to the gnome policy module Changes to the rdisc policy mpdule Changes to the readahead policy module Changes to the remotelogin policy module Tab clean up in the resmgr file context file Changes to the resmgr policy module Tab clean up in the rgmanager file context file Changes to the rgmanager policy module Initial Realmd policy module and relevant dependencies Fix resmgrd init script file context specification Changes to the cups policy module automount reads overcommit_memory Changes to the networkmanager policy module Freshclam manages amavis spool content Changes to the tftp policy module Changes to the cobbler policy module Tab clean up in the rhcs file context file Changes to the rhcs policy module and relevant dependencies Tab clean up in the rhgb file context file Changes to the rhgb policy module Tab clean up in the rhsmcertd file context file Changes to the rhsmcertd policy module Tab clean up in the ricci file context file Changes to the ricci policy module Tab clean up in the rlogin file context file Changes to the rlogin policy module Tab clean up in the roundup file context file Changes to the roundup policy module Changes to the remotelogin policy module Changes to the apache policy module Changes to the awstats policy module fix puppet_admin() need to require types that it uses Replace wrong type in puppet_admin() Fix a syntax error in ricci_domtrans() Catch all rpcbind content in /var/run Changes to the cups policy module Tab clean up in the rpc file context file Changes to the rpc policy module Tab clean up in the rpcbind file context file Changes to the rpcbind policy module Tab clean up in the rpm file context file Changes to the rpm policy module and depedencies Changes to the rshd policy module Changes to the virt policy module Changes to the rssh policy module Tab clean up in the rsync file context file Fix a typo in apache XML Changes to the rsync policy module Changes to the rtkit policy module Tab clean up in the rwho file context file Changes to the rwho policy module Reads /proc/sys/kernel/random/poolsize Tab clean up in the samba file context file Changes to the samba policy module and relevant dependencies Tab clean up in the sambagui file context file Changes to the sambagui policy module Initial firewallgui policy module Tab clean up in the samhain file context file Changes to the samhain policy module Tab clean up in the sanlock file context file Changes to the sanlock policy module and relevant dependencies Tab clean up in the sasl file context file Changes to the sasl policy module Chnages to the sblim policy module Tab clean up in the screen file context file Changes to the screen policy module Tab clean up in the sectoolm file context file Changes to firewallgui policy module Changes to the sectoolm policy module Tab clean up in the sendmail file context file Changes to the sendmail policy module and relevant dependencies Tab clean up in the setroubleshoot file context file Changes to the setroubleshoot policy module Tab clean up in the shorewall file context file Changes to the shorewall policy module Tab clean up in the shutdown file context file Changes to the shutdown policy module and relevant dependencies Tab clean up in the slocate file context file Changes to the slocate policy module and relevant dependencies These domains transition to shutdown domain now so they no longer need direct access Re-add missing network rule in screen policy module fail2ban server sets scheduler shutdown XML clean up libvirtd sets kernel scheduler mongod reads cpuinfo_max_freq Changes to the slrnpull policy module Tab clean up in the smartmon file context file Changes to the smartmon policy module Tab clean up in the smokeping file context file Changes to the smokeping policy module Tab clean up in the smoltclient file context file Changes to the smoltclient policy module Tab clean up in the snmp file context file Changes to the snmp policy module Tab clean up in the snort file context file Changes to the snort policy module Changes to the sosreport policy module and relevant dependencies Tab clean up in the soundserver file context file Changes to the soundserver policy module Tab clean up in the spamassassin file context file Changes to the spamassassin policy module and relevant dependendies spamassassin_role callers create ~/.spamd with the spamd_home_t user home type instead Re-add sys_admin capability that was lost with porting from Fedora Move mailscanner content to mailscanner module Changes to the speedtouch policy module Tab clean up in the squid file context file Changes to the squid policy module Changes to the sssd policy module Tab clean up in the stunnel file context file Changes to the stunnel policy module Tab clean up in the sxid file context file Changes to the sxid policy module Tab clean up in the sysstat file context file Changes to the sysstat policy module Tab clean up in the tcpd file context file Changes to the tcpd policy module Changes to the tcsd policy module Tab clean up in the telepathy file context file Changes to the telepathy policy module Tab clean up in the telnet file context file Changes to the telnet policy module Tab clean up in the tftp file context file Changes to the tftp policy module Tab clean up in the tgtd file context file Changes to the tgtd policy module Tab clean up in the thunderbird file context file Changes to the thunderbird policy module Catch /var/log/cron directory as well Dovecot module version bump for fixes by Sven Vermeulen Portage module version bump for fixes by Sven Vermeulen Cron module version bump for fixes by Sven Vermeulen Changes to the exim policy module Entropyd reads /proc/meminfo Blueman reads tmp_t directories Do not audit attempts by cups config to read tmp_t directories Do not audit attempts by fail2ban to read tmp_t directories Do not audit attempts by firewalld to read tmp_t directories Gnomeclock reads urandom and realtime clock Kdumpctl needs sys_chroot capability Various kdumpgui fixes from Fedora Do not audit attempts by logwatch to read tmp_t directories Catch all alias files Refine aliases file transition with names Realmd dbus chat policykit and networkmanager from Fedora Do not audit attempts by tuned to read tmp_t directories Changes to the timidity policy module Tab clean up in the tmpreaper file context file Changes to the tmpreaper policy module and relevant dependencies Tab clean up in the tor file context file Changes to the tor policy module Changes to the transproxy policy module Tab clean up in the tripwire file context file Changes to the tripwire policy module Tab clean up in the tuned file context file Changes to the tuned policy module Tab clean up in the tvtime file context file Changes to the tvtime policy module Changes to the tzdata policy module Changes to the ucspitcp policy module Tab clean up in the ulogd file context file Changes to the ulogd policy module Tab clean up in the uml file context file Changes to the uml policy module Make it so that irc clients can also get attributes of cifs, nfs, fuse and other file systems Changes to the updfstab policy module Changes to the uptime policy module Tab clean up in the usbmodules file context file Changes to the usbmodule policy module Changes to the usbmuxd policy module Tab clean up in the userhelper file context file Screen sends child terminated signals to all interactive fd domains Changes to the userhelper policy module and relevant dependencies Changes to the virt policy module Module version bump for fail2ban changes by Sven Vermeulen Changes to the rpm policy module fix smartmon init script file context specification Changes to the usernetctl policy module Tab clean up in the uucp file context file Changes to the uucp policy module Changes to the virt policy module Tab clean up in the uuid file context file Changes to the uuidd policy module Tab clean up in the uwimap file context file Changes to the uwimap policy module Tab clean up in the varnishd file context file Changes to the varnishd policy module Changes to the vbetool policy module Tab clean up in the vdagent file context file Changes to the vdagent policy module Tab clean up in the vhostmd file context file Changes to the vhostmd policy module Changes to the vlock policy module Tab clean up in the vmware file context file Changes to the vmware policy module Tab clean up in the vnstatd file context file Changes to the vnstatd policy module Tab clean up in the vpn file context file Changes to the vpnc policy module Tab clean up in the w3c file context file Changes to the w3c policy module Tab clean up in the watchdog file context file Changes to the watchdog policy module Changes to the wdmd policy module Changes to the webadm policy modules Changes to the webalizer policy module White space fix in apache policy module Changes to the wine policy module Tab clean up in the wireshark file context file Changes to the wireshark policy module Tab clean up in the wm file context file Changes to the wm policy module Changes to the inn policy module Move man cache file type to miscfiles Changes to the inn policy module More accurate dbadm boolean descriptions mysql_admin() has access to ~/.my.cnf files Tab clean up in the xen file context file Changes to the xen policy module and relevant dependencies Tab clean up in the xfs file context file Changes to the xfs policy module Changes to the xguest policy module and relevant dependencies Changes to the xprint policy module Changes to the xscreensaver policy module Tab clean up in the yam file context file Changes to the yam policy module Tab clean up in the zabbix file context file Changes to the zabbix policy module Tab clean up in the zarafa file context file Changes to the zarafa policy module Tab clean up in the zebra file context file Changes to the zebra policy module Changes to the zosremote policy module Changes to the mysql policy module Tab clean up in the pulseaudio file context file Changes to the pulseaudio policy module and relevant dependencies Changes to the pulseaudio policy module One chown too many Changes to the mplayer policy module The prelink cron script now runs in its own domain Initial smstools policy module Initial openvswitch policy module and relevant dependencies Reads pcsd pid files Reads random device winbind manages smbd pid sock files from Fedora Changes to the bind policy module CG rules daemon reads all sysctls Runs consoletype and searches nfs state data from Fedora Support munin unbound plugin from Fedora Zabbix sends signals from Fedora Blueman sets scheduler and sends signals from Fedora pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead Module version bumps for fixes in portage and virt modules by Sven Vermeulen Policy module version bumps for various changes by Sven Vermeulen Changes to the openvpn policy module Module version bumps for various fixes by Sven Vermeulen Changes to the mandb policy module Changes to the tmpreaper policy module Changes to the munin policy module Changes to the rngd policy module Changes to the awstats policy module and relevant dependencies Changes to the apache policy module Changes to various policy modules Changes to the abrt policy module Changes to the passenger policy module and relevant depedencies Changes to the pegagus policy module Changes to the mta policy module Changes to the fetchmail policy module Changes to the bitlbee policy module Changes to the blueman policy module and relevant dependencies Changes to the amavis policy module Changes to the userhelper policy module Changes to the blueman policy module Changes to the squid policy module Changes to the sblim policy module Changes to the kdumpgui policy module Changes to the mailman policy module Changes to the realmd policy module Changes to the raid policy module Changes to the samba policy module Changes to the various policy modules Changes to the snmp policy module Changes to the spamassassin policy module Changes to the sssd policy module Changes to the l2tpd policy module Changes to the shorewall policy module Changes to the xen policy module Changes to the tftp policy modules Changes to the accountsd policy module Changes to the tgtd policy module Changes to the corosync policy module Changes to the kdump policy module Changes to the openvswitch policy module Changes to the mpd policy module Changes to the mozilla policy module Changes to the zarafa policy module Changes to the boinc policy module Changes to the setroubleshoot policy module Changes to the dspam policy module Changes to the rgrmanager policy module and relevant dependencies Changes to the svnserve policy module Changes to the virt policy module Changes to the prelink policy module Changes to the apache policy module Changes to the gnomeclock policy module Changes to various policy modules Changes to the pegagus policy module Changes to the shorewall policy module Changes to the kerberos policy module Changes to the rhcs policy module Changes to the irc policy module Changes to the clamav policy module Changes to the mrtg policy module Changes to the munin policy module Changes to the amavis policy module Changes to the ppp policy module Initial jockey policy module Module version bumps for "several named transition for directories created in /var/run by initscripts" in various modules by Laurent Bigonville Module version bumps for fixes in various modules by Laurent Bigonville Module version bump for changes to the consolekit policy module by Laurent Bigonville Changes to the stunnel policy module Module version bumps for fixes in various modules by Sven Vermeulen Changes to the virt policy module Changes to the apache policy module Changes to the wm policy module Changes to the samba policy module Changes to the certmonger policy module Changes to the mozilla policy module Changes to the corosync policy module Changes to the pacemaker policy module Changes to the tuned policy module Changes to the cups module and relevant dependencies Changes to the rhsmcertd policy module Changes to the lpd policy module Changes to the munin policy module Changes to the ntp policy module Changes to the tor policy module Changes to the firewalld policy module Changes to the dspam policy module Changes to the setroubleshoot policy module Changes to the condor policy module Changes to the kerberos policy module Changes to the passenger policy module Changes to the ppp policy module Changes to the the dkim policy module Changes to the abrt policy module Changes to the lircd policy module Changes to the dkim policy module Changes to the virt policy module Changes to the munin policy module Changes to the dovecot policy module Changes to the cobbler policy module Changes to the userhelper policy module Changes to the logwatch policy module Changes to the wdmd policy module and relevant dependencies Changes to the nscd policy module and relevant dependencies Changes to the dbus policy module Module version bumps for fixes in various policy modules by Laurent Bigonville Changes to the cups policy module Changes to the dbus policy module Changes to the apcupsd policy module Remove redundant net_bind_service capabilities in various modules Changes to the virt policy module Changes to the puppet policy module Module version bumps for fixes in various policy module by Sven Vermeulen Module version bumps for file context fixes in various policy modules by Laurent Bigonville Make httpd_manage_all_user_content() do what it advertises Add more networking rules to mplayer policy module for compatibility Fix fcronsighup file context. Should be crontab_exec_t as per previous spec Module version bumps for changes in various modules by Sven Vermeulen Move asterisk_exec() and modify XML header Consolekit creates /var/run/console directories with a type transition unconditionally Module version bump in consolekit policy module for changes by Sven Vermeulen The imaplogin executable file should be courier_pop_exec_t according to existing file context specification Module version bump for changes to the fail2ban policy module by Sven Vermeulen Modules version bumps for changes in various policy modules by Sven Vermeulen Laurent Bigonville (28): Add Debian locations for Telepathy connection managers Label telepathy-rakia as telepathy-sofiasip Allow smartd daemon to write in /var/lib/smartmontools directory Add Debian location for smartd daemon initscript Add Debian location for accounts-daemon daemon Add Debian location for rtkit-daemon daemon Add Debian location for tcsd init script Add Debian location for libvirtd init script Add Debian location for evolution executables Add Debian locationis for nut executables and configuration files Add several named transition for directories created in /var/run by initscripts Run packagekit under apt_t context on Debian distribution Add proper label for colord daemon in debian Allow the system dbus to search cgroup directories Allow virtd_t context to read sysctl_crypto_t Allow colord_t context to read sysctl_crypto_t Add proper label for gconfd-2 daemon in Debian Ensure that consolekit can create /var/run/console directory on Debian Properly label nm-dispatcher.action on Debian policykit.fc: Properly label polkit-agent-helper-1 on Debian cups.fc: Properly label cups-pk-helper-mechanism on Debian Allow pcscd the fsetid capability Allow networkmanager_t to read crypto_sysctl_t Allow virsh_t context to read sysctl_crypto_t Allow cupsd_t to read cupsd_log_t gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian ptchown.fc: Properly label pt_chown executable in Debian Label /usr/bin/kvm as qemu_exec_t Matthew Thode (2): added autofs support and nsswitch support removing refrences to named_var_lib_t as it doesn't exist anymore for bind.if Mika Pflüger (3): Allow saslauthd_t to talk to mysqld via TCP Quota policy adjustments: * Allow quota_t to load kernel modules Debian locations for dovecot deliver and dovecot auth. Russell Coker (1): Fix djbdns ports Sven Vermeulen (75): Update with new substitutions Mark the pid directory as a pid directory Add in transitions for queue types when the queues are created Fix typo in interface postfix_exec_postqueue Allow maildelivery to use dotlock files in the mail spool Allow postfix local to change ownership of mailfiles Use libexec location for postfix binaries Allow initrc_t to create run dirs for contrib modules Update logwatch location in file context Sandbox is an inherent part of the portage inner workings Fix startup issue with fail2ban-client Be able to get output from fail2ban-client Ignore searches when ran from the user home directory Shorewall admins execute shorewall too Shorewall needs sys_admin capability for manipulating network stack Be able to display dovecot errors Remove transition to ldconfig Adding interfaces for handling cron log files Fail2ban client checks state of log files before telling the server Support mysql init script Support initial creation of mysql database files Portage fetch domain needs to access certificates Make samba domtrans optional in virt Fix typo in tunable declaration for fcron_crond Introducing cron_manage_log_files interface Introduce dontaudit interfaces for leaked fd and unix stream sockets Dontaudit attempts by system_mail_t to use leaked fd or stream sockets Support at service Additional postfix admin requirements Reintroduce postfix_var_run_t for pid directory and fowner capability Postfix deferred queue should not mark mails as postfix_spool_maildrop_t Running qemu with SDL support requires more xserver-related privileges Fix typo in clockspeed comment Support openvpn status file Asterisk voicemail messages are generated from tmp Make rtkit calls optional Gentoo installs dovecot certs in /etc/ssl/dovecot Moving sandbox code to sandbox section (v2) Allow sandbox to log violations Use rw_fifo_file_perms Apache should not depend on gpg Named init script creates rundir Add ~/.maildir as a valid maildir destination Support stunnel_read_config for startup Updates on stunnel policy More .maildir fixes Mark make.profile entry as portage_conf_t (v2) Move mta call (coding style) Changes to puppet domain Allow rpc admin to run exportfs Grant sys_admin capability to puppet Puppet module helper scripts are puppet_var_lib_t Support netlink_route_socket creation for puppet Puppet initscript creates /run/puppet Puppet runs statfs against selinuxfs mplayer streams HTTP resources fcron and fcronsighup binaries are moved Asterisk needs to search through logs Denial in mail log on node bind Fix typo in mcelog_admin (missing bracket) Add in contexts for fcron rm.systab and systab.tmp Remove pulseaudio filename_trans conflict Allow asterisk admins to execute asterisk binary directly Support tagfiles for consolekit ConsoleKit needs to read the dbus machine-id File context updates for courier-imap Update on file contexts for OpenLDAP Update on file contexts for wpa_supplicant Allow IRC clients to read certificates Allow reading /proc/self for fail2ban due to FAM support Update file contexts for puppet Support ~/.tmux.conf as tmux configuration file Add setuid/setgid capability to ulogd_t Support tmux control socket Postfix creates defer(red) queue locations