From: domg472@gmail.com (Dominick Grift)
Date: Tue, 13 Apr 2010 22:42:51 +0200
Subject: [refpolicy] [ munin patch 1/1] Run munin with full mcs range if mcs
 is enabled.
Message-ID: <20100413204243.GA15930@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Example:
avc:  denied  { ioctl } for  pid=3774 comm="grep" path="/proc/1564/status" dev=proc ino=21569 scontext=system_u:system_r:munin_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=file

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 9991b78... c407dc1... M	policy/modules/services/munin.te
 policy/modules/services/munin.te |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index 9991b78..c407dc1 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -28,6 +28,9 @@ files_type(munin_var_lib_t)
 type munin_var_run_t alias lrrd_var_run_t;
 files_pid_file(munin_var_run_t)
 
+ifdef(`enable_mcs',` init_ranged_daemon_domain(munin_t, munin_exec_t, s0 - mcs_systemhigh)
+')
+
 ########################################
 #
 # Local policy
-- 
1.7.0.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100413/4f14e764/attachment.bin