From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=)
Date: Sun, 10 Sep 2017 17:26:11 +0200
Subject: [refpolicy] [PATCH] mandb: fixes for systemd timer and
	/usr/local/man label
Message-ID: <20170910152611.7435-1-cgzones@googlemail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 mandb.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/mandb.te b/mandb.te
index 5c759da..27d5fff 100644
--- a/mandb.te
+++ b/mandb.te
@@ -16,6 +16,11 @@ role mandb_roles types mandb_t;
 type mandb_unit_t;
 init_unit_file(mandb_unit_t)
 
+ifdef(`init_systemd',`
+	# run as systemd timer
+	init_system_domain(mandb_t, mandb_exec_t)
+')
+
 ########################################
 #
 # Local policy
@@ -40,6 +45,8 @@ domain_use_interactive_fds(mandb_t)
 
 files_dontaudit_search_home(mandb_t)
 files_read_etc_files(mandb_t)
+# /usr/local/man
+files_read_usr_symlinks(mandb_t)
 # search /var/run/nscd/socket
 files_search_pids(mandb_t)
 
-- 
2.14.1