Allow all jabberd domain to read system state

author Miroslav Grepl <mgrepl@redhat.com>

Tue, 13 Dec 2011 15:25:30 +0000 (15:25 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Tue, 13 Dec 2011 15:25:53 +0000 (15:25 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Tue, 13 Dec 2011 15:25:30 +0000 (15:25 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Tue, 13 Dec 2011 15:25:53 +0000 (15:25 +0000)
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te

index a666df29c581f88f93fb85e8ba8d9af3c833dafa..24e20b076733387f8cedac028e707ec5b58533c9 100644 (file)
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -64,8 +64,6 @@ optional_policy(`
  manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
  manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
  
-kernel_read_system_state(jabberd_t)
-
  corenet_tcp_bind_jabber_interserver_port(jabberd_t)
  corenet_tcp_connect_jabber_router_port(jabberd_t)
  
@@ -94,8 +92,6 @@ manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t);
  files_search_spool(pyicqt_t)
  manage_files_pattern(pyicqt_t, pyicqt_var_spool_t, pyicqt_var_spool_t);
  
-kernel_read_system_state(pyicqt_t)
-
  corenet_tcp_bind_jabber_router_port(pyicqt_t)
  corenet_tcp_connect_jabber_router_port(pyicqt_t)
  
@@ -130,6 +126,8 @@ allow jabberd_domain self:fifo_file rw_fifo_file_perms;
  allow jabberd_domain self:tcp_socket create_stream_socket_perms;
  allow jabberd_domain self:udp_socket create_socket_perms;
  
+kernel_read_system_state(jabberd_domain)
+
  corenet_all_recvfrom_unlabeled(jabberd_domain)
  corenet_all_recvfrom_netlabel(jabberd_domain)
  corenet_tcp_sendrecv_generic_if(jabberd_domain)
author	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 13 Dec 2011 15:25:30 +0000 (15:25 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 13 Dec 2011 15:25:53 +0000 (15:25 +0000)