From b925ad437c7865cd3d1e27e455bfcf0df013e604 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Tue, 13 Dec 2011 15:25:30 +0000
Subject: [PATCH] Allow all jabberd domain to read system state

---
 policy/modules/services/jabber.te | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
index a666df29..24e20b07 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -64,8 +64,6 @@ optional_policy(`
 manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
 manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)

-kernel_read_system_state(jabberd_t)
-
 corenet_tcp_bind_jabber_interserver_port(jabberd_t)
 corenet_tcp_connect_jabber_router_port(jabberd_t)

@@ -94,8 +92,6 @@ manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t);
 files_search_spool(pyicqt_t)
 manage_files_pattern(pyicqt_t, pyicqt_var_spool_t, pyicqt_var_spool_t);

-kernel_read_system_state(pyicqt_t)
-
 corenet_tcp_bind_jabber_router_port(pyicqt_t)
 corenet_tcp_connect_jabber_router_port(pyicqt_t)

@@ -130,6 +126,8 @@ allow jabberd_domain self:fifo_file rw_fifo_file_perms;
 allow jabberd_domain self:tcp_socket create_stream_socket_perms;
 allow jabberd_domain self:udp_socket create_socket_perms;

+kernel_read_system_state(jabberd_domain)
+
 corenet_all_recvfrom_unlabeled(jabberd_domain)
 corenet_all_recvfrom_netlabel(jabberd_domain)
 corenet_tcp_sendrecv_generic_if(jabberd_domain)
--
2.47.3
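Review bot: The per-type grants removed in the first and second hunks are only replaced by the new `kernel_read_system_state(jabberd_domain)` line in the third hunk if both jabberd_t and pyicqt_t carry the jabberd_domain attribute, and the attribute assignments sit outside all three hunks. If pyicqt_t is not a member, it silently loses read access to system state and the regression will only surface as runtime AVC denials. Granting on the attribute also extends that /proc read access to every other current and future member of jabberd_domain, and the commit message does not say which domain needed it. I would either keep the grant on the specific types that were denied, or add a comment above the new line such as `# every jabberd_domain member reads /proc system state; see <AVC or bug reference placeholder>` so the broader scope is a recorded decision.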