From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 3 Oct 2011 21:24:05 +0200
Subject: [refpolicy] [PATCH v2 1/2] Asterisk admin must be able to run
	'asterisk -r'
In-Reply-To: <20111003192247.GA6987@siphos.be>
References: <20111003192247.GA6987@siphos.be>
Message-ID: <20111003192405.GB6987@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

One of the most frequently ran commands by asterisk administrators is to
run 'asterisk -r' to manipulate (through the asterisk socket) the
asterisk daemon (sort-of asterisk-specific shell support).

We mark the asterisk_exec_t type as an application_exec_type so that it
can be executed by the user domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 asterisk.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/asterisk.te b/asterisk.te
index b3b0176..6f6c42c 100644
--- a/asterisk.te
+++ b/asterisk.te
@@ -8,6 +8,7 @@ policy_module(asterisk, 1.9.0)
 type asterisk_t;
 type asterisk_exec_t;
 init_daemon_domain(asterisk_t, asterisk_exec_t)
+application_executable_file(asterisk_exec_t)
 
 type asterisk_etc_t;
 files_config_file(asterisk_etc_t)
-- 
1.7.3.4