From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=)
Date: Tue, 12 Sep 2017 11:24:03 +0200
Subject: [refpolicy] [PATCH] mandb: fixes for systemd timer and
	/usr/local/man label
Message-ID: <20170912092403.3951-1-cgzones@googlemail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 mandb.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mandb.te b/mandb.te
index 5c759da..de1ac65 100644
--- a/mandb.te
+++ b/mandb.te
@@ -10,7 +10,7 @@ roleattribute system_r mandb_roles;
 
 type mandb_t;
 type mandb_exec_t;
-application_domain(mandb_t, mandb_exec_t)
+init_system_domain(mandb_t, mandb_exec_t)
 role mandb_roles types mandb_t;
 
 type mandb_unit_t;
@@ -40,6 +40,8 @@ domain_use_interactive_fds(mandb_t)
 
 files_dontaudit_search_home(mandb_t)
 files_read_etc_files(mandb_t)
+# /usr/local/man
+files_read_usr_symlinks(mandb_t)
 # search /var/run/nscd/socket
 files_search_pids(mandb_t)
 
-- 
2.14.1