From: rongqing.li@windriver.com (rongqing.li at windriver.com)
Date: Mon, 22 Aug 2011 09:18:30 +0800
Subject: [refpolicy] [PATCH 1/1] Make setfiles be able to send audit
	messages.
Message-ID: <1313975910-27826-1-git-send-email-rongqing.li@windriver.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Roy.Li <rongqing.li@windriver.com>

When audit subsystem is enabled, and setfiles works from root
dir, setfiles would send the AUDIT_FS_RELABEL information to
audit system, If no permission to send the information to audit
by netlink, setfiles would return error.

The test cases to reproduce this defect:
	=> restorecon -R /
	=> echo $?
	255
	=>

Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---
 policy/modules/system/selinuxutil.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index e252935..aa080e9 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -557,6 +557,8 @@ init_use_script_fds(setfiles_t)
 init_use_script_ptys(setfiles_t)
 init_exec_script_files(setfiles_t)
 
+logging_send_audit_msgs(setfiles_t)
+
 logging_send_syslog_msg(setfiles_t)
 
 miscfiles_read_localization(setfiles_t)
-- 
1.6.3.1