From: russell@coker.com.au (Russell Coker)
Date: Tue, 14 Feb 2017 20:22:14 +1100
Subject: [refpolicy]  [PATCH] tiny mon patch
Message-ID: <20170214092214.34skcrjynny264h6@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When you merged the mon patch you removed the ability for mon_t to execute
lib_t files.

The following patch re-enables the ability to execute alert scripts.

Index: refpolicy-2.20170212/policy/modules/kernel/corecommands.fc
===================================================================
--- refpolicy-2.20170212.orig/policy/modules/kernel/corecommands.fc
+++ refpolicy-2.20170212/policy/modules/kernel/corecommands.fc
@@ -155,6 +155,7 @@ ifdef(`distro_gentoo',`
 /usr/bin/zsh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
 
 /usr/lib/(.*/)?bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/mon/alert.d(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/postfix/configure-instance.sh -- gen_context(system_u:object_r:bin_t,s0)
 
 /usr/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)