vhostmd needs to send itself signals and wants to read /dev/random

author Dan Walsh <dwalsh@redhat.com>

Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)
author Dan Walsh <dwalsh@redhat.com>
Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)
diff --git a/policy/modules/services/vhostmd.te b/policy/modules/services/vhostmd.te

index 7baeb6ff18a1aaff8a3a53ff4066d07496ffe273..7e5ddbab3592a29b4c97861895228ae90ab35b3d 100644 (file)
--- a/policy/modules/services/vhostmd.te
+++ b/policy/modules/services/vhostmd.te
@@ -24,7 +24,7 @@ files_pid_file(vhostmd_var_run_t)
  #
  
  allow vhostmd_t self:capability { dac_override ipc_lock        setuid setgid };
-allow vhostmd_t self:process { setsched getsched };
+allow vhostmd_t self:process { setsched getsched signal };
  allow vhostmd_t self:fifo_file rw_fifo_file_perms;
  
  manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
@@ -49,6 +49,7 @@ files_list_tmp(vhostmd_t)
  files_read_etc_files(vhostmd_t)
  files_read_usr_files(vhostmd_t)
  
+dev_read_random(vhostmd_t)
  dev_read_sysfs(vhostmd_t)
  
  auth_use_nsswitch(vhostmd_t)
author	Dan Walsh <dwalsh@redhat.com>
	Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)