From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 23 Feb 2010 15:49:20 -0500
Subject: [refpolicy] services_rtkit.patch
Message-ID: <4B843F50.3000603@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_rtkit.patch

rtkit_daemon_system_domain interface allows domains to say rtkit can 
setsched on their process.

+    rtkit_daemon_system_domain(pulseaudio_t)
+    rtkit_daemon_system_domain(staff_t)
+        rtkit_daemon_system_domain(unconfined_usertype)
+    rtkit_daemon_system_domain(user_t)
+         rtkit_daemon_system_domain(icecast_t)
+interface(`rtkit_daemon_system_domain',`
+    rtkit_daemon_system_domain(xdm_t)
+        rtkit_daemon_system_domain(initrc_t)
+        rtkit_daemon_system_domain($1_usertype)


Needs sys_nice capability
Needs to getsched on all domains.

Fix bug in te file