From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 19 Feb 2017 16:35:44 -0500
Subject: [refpolicy] [PATCH] base monit policy
In-Reply-To: <201702192107.50397.russell@coker.com.au>
References: <20170216093250.4iedsx44safh2qxa@athena.coker.com.au>
	<19d23b60-f510-25a5-e80e-99a3c7517695@ieee.org>
	<201702192107.50397.russell@coker.com.au>
Message-ID: <66399dbf-0588-230a-fbc5-7af3351d6906@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/19/17 05:07, Russell Coker wrote:
> On Sun, 19 Feb 2017 12:17:29 AM Chris PeBenito wrote:
>> On 02/16/17 04:32, Russell Coker via refpolicy wrote:
>>> Here is a patch for the monit policy without the monit_interactive_t
>>> domain. This should be a minimally functional monit policy and we can
>>> then build on it with the monit_interactive_t domain (or maybe a
>>> different way of achieving the same goal).
>>>
>>>
>>> From: cgzones <cgzones@googlemail.com>
>>> Date: Fri, 25 Nov 2016 22:53:35 +0100
>>> Subject: add monit module
>>>
>>> ---
>>>
>>> +
>>> +		init_get_all_units_status(monit_t)
>>> +		init_get_system_status(monit_t)
>>> +		init_start_all_units(monit_t)
>>> +		init_stop_all_units(monit_t)
>>> +		init_stream_connect(monit_t)
>>> +	')
>>> +')
>>
>> This patch looks ok, except for this part.  Using the attribute like
>> this isn't acceptable.  Also, if systemd isn't enabled, this is an empty
>> block, so the ifdef should be on the outside and tunable_policy nested
>> inside.
>
> OK, I've attached a new version that fixes this.

Merged, though I made a few trivial changes.

-- 
Chris PeBenito