From: Miroslav Grepl
Date: Tue, 13 Dec 2011 15:25:30 +0000 (+0000)
Subject: Allow all jabberd domain to read system state
X-Git-Tag: 000~15^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b925ad437c7865cd3d1e27e455bfcf0df013e604;p=people%2Fstevee%2Fselinux-policy.git

Allow all jabberd domain to read system state
---

diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
index a666df29..24e20b07 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -64,8 +64,6 @@ optional_policy(`
 manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
 manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
 
-kernel_read_system_state(jabberd_t)
-
 corenet_tcp_bind_jabber_interserver_port(jabberd_t)
 corenet_tcp_connect_jabber_router_port(jabberd_t)
 
@@ -94,8 +92,6 @@ manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t);
 files_search_spool(pyicqt_t)
 manage_files_pattern(pyicqt_t, pyicqt_var_spool_t, pyicqt_var_spool_t);
 
-kernel_read_system_state(pyicqt_t)
-
 corenet_tcp_bind_jabber_router_port(pyicqt_t)
 corenet_tcp_connect_jabber_router_port(pyicqt_t)
 
@@ -130,6 +126,8 @@ allow jabberd_domain self:fifo_file rw_fifo_file_perms;
 allow jabberd_domain self:tcp_socket create_stream_socket_perms;
 allow jabberd_domain self:udp_socket create_socket_perms;
 
+kernel_read_system_state(jabberd_domain)
+
 corenet_all_recvfrom_unlabeled(jabberd_domain)
 corenet_all_recvfrom_netlabel(jabberd_domain)
 corenet_tcp_sendrecv_generic_if(jabberd_domain)
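Review bot: The added `kernel_read_system_state(jabberd_domain)` in the third hunk widens the /proc read grant from the two types that held it (`jabberd_t` and `pyicqt_t`, removed in the first two hunks) to every type carrying the `jabberd_domain` attribute, including any type assigned to it later. Neither the commit message nor the policy records which additional domain actually needed the access, and the attribute's members are not visible in this hunk, so the extra exposure cannot be judged from here. I would either keep the per-type calls and add one only for the domain that hit the denial, or document the reason next to the attribute-wide rule, e.g. `# <domain placeholder> reads /proc at startup; see AVC <denial placeholder>`. The attribute-level rule block continues past the end of the hunk.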