This patch adds a new interface to the logging module and calls
that interface (as optional policy) from the setroubleshoot module.
The patch also adds another optional policy block to the setroubleshoot
module (so that the locate module can read lib files).
diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/services/setroubleshoot.te refpolicy-git-02022011-new/policy/modules/services/setroubleshoot.te
--- refpolicy-git-02022011/policy/modules/services/setroubleshoot.te 2011-01-08 19:07:21.305751304 +0100
+++ refpolicy-git-02022011-new/policy/modules/services/setroubleshoot.te 2011-02-06 23:43:07.912654284 +0100
@@ -125,6 +125,14 @@ optional_policy(`
')
optional_policy(`
+ locate_read_lib_files(setroubleshootd_t)
+')
+
+optional_policy(`
+ logging_dbus_chat_dispatcher(setroubleshootd_t)
+')
+
+optional_policy(`
rpm_signull(setroubleshootd_t)
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
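Review bot: The new `locate_read_lib_files(setroubleshootd_t)` block carries no comment saying which setroubleshootd operation needs the locate database. That database normally indexes path names from across the filesystem, so this grant widens what the daemon can enumerate and deserves a recorded justification. I would add one line above the call, for example `# setroubleshootd looks up file paths in the locate database`, with the wording confirmed against the denial that motivated it. The interface is defined outside this patch, so its permission set should be checked to be read-only on the locate lib type. The `logging_dbus_chat_dispatcher` block directly below would benefit from a similar one-line comment naming the audit dispatcher plugin that exchanges messages with setroubleshootd.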
diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/system/logging.if refpolicy-git-02022011-new/policy/modules/system/logging.if
--- refpolicy-git-02022011/policy/modules/system/logging.if 2011-01-08 19:07:21.355759202 +0100
+++ refpolicy-git-02022011-new/policy/modules/system/logging.if 2011-02-06 23:29:21.571770219 +0100
@@ -337,6 +337,27 @@ interface(`logging_stream_connect_dispat
########################################
## <summary>
+## Send and receive messages from
+## the audit dispatcher over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`logging_dbus_chat_dispatcher',`
+ gen_require(`
+ type audisp_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 audisp_t:dbus send_msg;
+ allow audisp_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
## Manage the auditd configuration files.
## </summary>
## <param name="domain">
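Review bot: `logging_dbus_chat_dispatcher` grants `send_msg` in both directions between `$1` and `audisp_t`, but nothing visible in this patch allows `audisp_t` to connect to the system bus. If logging.te has no bus-client rule for that domain (for example `dbus_system_bus_client(audisp_t)`), the exchange would still be denied before these rules apply, so that is worth confirming. The reverse rule `allow audisp_t $1:dbus send_msg;` also lets the audit dispatcher domain message every domain the interface is applied to. The `<param>` description could say so, e.g. `Domain allowed to exchange dbus messages with the audit dispatcher.`, so callers see that the grant is two-way.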