From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 9 Nov 2011 13:07:42 +0000 (-0500)
Subject: vhostmd needs to send itself signals and wants to read /dev/random
X-Git-Tag: 000~152^2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75f2f722bc5bec2cd03f1b55eda71004819d1847;p=people%2Fstevee%2Fselinux-policy.git

vhostmd needs to send itself signals and wants to read /dev/random
---

diff --git a/policy/modules/services/vhostmd.te b/policy/modules/services/vhostmd.te
index 7baeb6ff..7e5ddbab 100644
--- a/policy/modules/services/vhostmd.te
+++ b/policy/modules/services/vhostmd.te
@@ -24,7 +24,7 @@ files_pid_file(vhostmd_var_run_t)
 #
 
 allow vhostmd_t self:capability { dac_override ipc_lock	setuid setgid };
-allow vhostmd_t self:process { setsched getsched };
+allow vhostmd_t self:process { setsched getsched signal };
 allow vhostmd_t self:fifo_file rw_fifo_file_perms;
 
 manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
@@ -49,6 +49,7 @@ files_list_tmp(vhostmd_t)
 files_read_etc_files(vhostmd_t)
 files_read_usr_files(vhostmd_t)
 
+dev_read_random(vhostmd_t)
 dev_read_sysfs(vhostmd_t)
 
 auth_use_nsswitch(vhostmd_t)