From 3c8f6b1af87cf32d47f3dbf198bca615508844b5 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 6 Dec 2005 15:23:59 +0000
Subject: [PATCH] policy-20051114.patch from dan
---
 refpolicy/policy/modules/admin/rpm.te | 3 ---
 refpolicy/policy/modules/services/dbus.te | 4 ++--
 refpolicy/policy/modules/system/authlogin.te | 3 ++-
 refpolicy/policy/modules/system/logging.te | 4 +++-
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 0b65622a5..246c73f2e 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -201,9 +201,6 @@ optional_policy(`nis',`
 ')
 ifdef(`TODO',`
-# cjp: this seems way out of place
-role sysadm_r types initrc_t;
-
 # read/write/create any files in the system
 dontaudit rpm_t domain:{ socket unix_dgram_socket udp_socket unix_stream_socket tcp_socket fifo_file rawip_socket packet_socket } getattr;
 allow rpm_t ttyfile:chr_file unlink;
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index e54be5267..ff68da787 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -1,5 +1,5 @@
-policy_module(dbus,1.0)
+policy_module(dbus,1.0.1)
 gen_require(`
 class dbus { send_msg acquire_svc };
@@ -30,7 +30,7 @@ files_pid_file(system_dbusd_var_run_t)
 # dac_override: /var/run/dbus is owned by messagebus on Debian
 # cjp: dac_override should probably go in a distro_debian
-allow system_dbusd_t self:capability { dac_override setgid setuid };
+allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
 dontaudit system_dbusd_t self:capability sys_tty_config;
 allow system_dbusd_t self:process { getattr signal_perms };
 allow system_dbusd_t self:fifo_file { read write };
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index eea835aef..157b8d4a3 100644
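Review bot: The `setpcap` added to `allow system_dbusd_t self:capability { ... }` in the second dbus.te hunk (line 30) carries no rationale, while the two comment lines directly above the rule still explain only `dac_override`. `setpcap` governs changes to process capability sets, so on a daemon that also holds `setuid`/`setgid` it deserves the same one-line justification the other capability got. I would add above the rule `# setpcap: presumably needed to trim the capability set when dropping to the messagebus user; confirm against the denial that prompted it`. If the need turns out to be distro- or build-specific, as the existing comment suspects for `dac_override`, a conditional block would keep it out of policies that do not need it.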
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin,1.0.1)
+policy_module(authlogin,1.0.2)
 ########################################
 #
@@ -278,6 +278,7 @@ dev_read_urand(system_chkpwd_t)
 fs_dontaudit_getattr_xattr_fs(system_chkpwd_t)
 term_dontaudit_use_unallocated_tty(system_chkpwd_t)
+term_dontaudit_use_generic_pty(system_chkpwd_t)
 corecmd_search_sbin(system_chkpwd_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 309379c2b..295199582 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.0.1)
+policy_module(logging,1.0.2)
 ########################################
 #
@@ -69,7 +69,9 @@ allow auditctl_t etc_t:file { getattr read };
 allow auditctl_t auditd_etc_t:file r_file_perms;
 kernel_read_kernel_sysctl(auditctl_t)
+kernel_read_proc_symlinks(auditctl_t)
+domain_read_all_domains_state(auditctl_t)
 domain_use_wide_inherit_fd(auditctl_t)
 init_use_script_pty(auditctl_t)
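Review bot: `domain_read_all_domains_state(auditctl_t)` in the second logging.te hunk (line 69) is, going by its name, a grant over the process state of every domain, which is broad next to the other visible auditctl_t rules that only read its own configuration and kernel sysctls. Paired with `kernel_read_proc_symlinks(auditctl_t)` it looks like the trigger was a /proc/self lookup (inferred; the commit gives no reason), and if so a rule scoped to `auditctl_t self` would be narrower than all domains. At minimum the reason should be recorded beside the call, for example `# NOTE(review): grants read of /proc state for all domains; confirm auditctl needs more than its own /proc entries`. The auditctl_t section continues outside the hunk, so other rules may already cover part of this.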