From 8808fdadb9a600d1ddf94883b15b37673f2f7ffa Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Thu, 29 Dec 2011 12:39:29 -0500
Subject: [PATCH] Shouldn't boinc_t be in the boinc_domain, also does boinc
 need to kill processes running as a different UID?

---
 policy/modules/services/boinc.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index 61b22fc9..040aa2e2 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
@@ -7,7 +7,7 @@ policy_module(boinc, 1.0.0)
 
 attribute boinc_domain;
 
-type boinc_t;
+type boinc_t, boinc_domain;
 type boinc_exec_t;
 init_daemon_domain(boinc_t, boinc_exec_t)
 
@@ -70,7 +70,6 @@ optional_policy(`
 # boinc local policy
 #
 
-allow boinc_t self:capability { kill };
 allow boinc_t self:process { setsched sigkill };
 
 allow boinc_t self:unix_stream_socket create_stream_socket_perms;
-- 
2.47.3