diff -ru serefpolicy-2.3.7.orig/policy/modules/kernel/kernel.if serefpolicy-2.3.7/policy/modules/kernel/kernel.if
--- serefpolicy-2.3.7.orig/policy/modules/kernel/kernel.if 2006-09-23 22:43:33.000000000 +1000
+++ serefpolicy-2.3.7/policy/modules/kernel/kernel.if 2006-09-23 22:44:06.000000000 +1000
@@ -1978,6 +1978,24 @@
########################################
##
+## Allow caller to stat unlabeled processes.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kernel_getattr_unlabeled_procs',`
+ gen_require(`
+ type unlabeled_t;
+ ')
+
+ allow $1 unlabeled_t:process getattr;
+')
+
+########################################
+##
## Allow caller to relabel unlabeled files.
##
##
diff -ru serefpolicy-2.3.7.orig/policy/modules/services/amavis.fc serefpolicy-2.3.7/policy/modules/services/amavis.fc
--- serefpolicy-2.3.7.orig/policy/modules/services/amavis.fc 2006-08-12 20:57:28.000000000 +1000
+++ serefpolicy-2.3.7/policy/modules/services/amavis.fc 2006-09-23 22:44:06.000000000 +1000
@@ -7,6 +7,6 @@
/var/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0)
/var/lib/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0)
/var/log/amavisd\.log -- gen_context(system_u:object_r:amavis_var_log_t,s0)
-/var/run/amavis(d)?(/.*)? gen_context(system_u:object_r:amavis_var_run_t,s0)
+/var/run/amavis(d)?/.+ gen_context(system_u:object_r:amavis_var_run_t,s0)
/var/spool/amavisd(/.*)? gen_context(system_u:object_r:amavis_spool_t,s0)
/var/virusmails(/.*)? gen_context(system_u:object_r:amavis_quarantine_t,s0)
diff -ru serefpolicy-2.3.7.orig/policy/modules/services/amavis.te serefpolicy-2.3.7/policy/modules/services/amavis.te
--- serefpolicy-2.3.7.orig/policy/modules/services/amavis.te 2006-09-23 22:43:33.000000000 +1000
+++ serefpolicy-2.3.7/policy/modules/services/amavis.te 2006-09-23 22:44:06.000000000 +1000
@@ -50,6 +50,7 @@
allow amavis_t self:unix_stream_socket create_stream_socket_perms;
allow amavis_t self:unix_dgram_socket create_socket_perms;
allow amavis_t self:tcp_socket { listen accept };
+allow amavis_t proc_t:lnk_file read;
# configuration files
allow amavis_t amavis_etc_t:dir r_dir_perms;
@@ -66,7 +67,6 @@
allow amavis_t amavis_spool_t:dir manage_dir_perms;
allow amavis_t amavis_spool_t:file manage_file_perms;
allow amavis_t amavis_spool_t:sock_file manage_file_perms;
-files_spool_filetrans(amavis_t,amavis_spool_t,{ dir file })
type_transition amavis_t amavis_spool_t:sock_file amavis_var_run_t;
# tmp files
@@ -78,8 +78,6 @@
allow amavis_t amavis_var_lib_t:file create_file_perms;
allow amavis_t amavis_var_lib_t:sock_file create_file_perms;
allow amavis_t amavis_var_lib_t:dir create_dir_perms;
-files_var_filetrans(amavis_t,amavis_var_lib_t,{ file dir sock_file })
-files_var_lib_filetrans(amavis_t,amavis_var_lib_t,file)
# log files
allow amavis_t amavis_var_log_t:file create_file_perms;
diff -ru serefpolicy-2.3.7.orig/policy/modules/services/samba.te serefpolicy-2.3.7/policy/modules/services/samba.te
--- serefpolicy-2.3.7.orig/policy/modules/services/samba.te 2006-09-23 22:43:33.000000000 +1000
+++ serefpolicy-2.3.7/policy/modules/services/samba.te 2006-09-23 22:44:06.000000000 +1000
@@ -521,10 +521,6 @@
userdom_use_sysadm_ttys(smbmount_t)
optional_policy(`
- cups_read_rw_config(smbd_t)
-')
-
-optional_policy(`
nis_use_ypbind(smbmount_t)
')
diff -ru serefpolicy-2.3.7.orig/policy/modules/system/unconfined.if serefpolicy-2.3.7/policy/modules/system/unconfined.if
--- serefpolicy-2.3.7.orig/policy/modules/system/unconfined.if 2006-09-23 22:43:33.000000000 +1000
+++ serefpolicy-2.3.7/policy/modules/system/unconfined.if 2006-09-23 22:44:06.000000000 +1000
@@ -89,6 +89,11 @@
optional_policy(`
storage_unconfined($1)
')
+
+ optional_policy(`
+ kernel_getattr_unlabeled_procs($1)
+ kernel_kill_unlabeled($1)
+ ')
')
########################################