From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 26 Mar 2012 20:49:11 +0200
Subject: [refpolicy] [PATCH 1/5] Allow asterisk to chown its own /var/run/asterisk directory
In-Reply-To: <20120326184827.GA24792@siphos.be>
References: <20120326184827.GA24792@siphos.be>
Message-ID: <20120326184910.GB24792@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
During startup, asterisk verifies the ownership of its run-directory and, if not set correctly, changes it accordingly.
Signed-off-by: Sven Vermeulen
---
 asterisk.te | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/asterisk.te b/asterisk.te
index 22d7cdf..c702879 100644
--- a/asterisk.te
+++ b/asterisk.te
@@ -40,7 +40,7 @@ files_pid_file(asterisk_var_run_t)
 #
 # dac_override for /var/run/asterisk
-allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin };
+allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin chown };
 dontaudit asterisk_t self:capability sys_tty_config;
 allow asterisk_t self:process { getsched setsched signal_perms getcap setcap };
 allow asterisk_t self:fifo_file rw_fifo_file_perms;
-- 
1.7.3.4
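Review bot: The comment above the changed rule still reads `# dac_override for /var/run/asterisk`, although the rule now also grants `chown` for the same directory. It should be extended, e.g. `# dac_override and chown for /var/run/asterisk`, so the next reviewer can see why the capability is there. The capability is granted to the whole `asterisk_t` domain rather than to one directory, so what the daemon can actually re-own is bounded only by the `setattr` permissions it holds on file types. Those rules are outside this hunk, so it is worth confirming they are limited to `asterisk_var_run_t` and the other asterisk-owned types. If the ownership fix-up only happens at startup, having the init script set ownership of the run directory would presumably avoid giving the long-running daemon `chown` at all.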