From e180388fca2de66a73a40fa34aedbf1c5f05e1c9 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Thu, 24 Nov 2011 11:41:10 +0100 Subject: [PATCH] Allow colord to execute shell Add bin_t label for "/usr/lib/iscan/network" --- policy/modules/kernel/corecommands.fc | 1 + policy/modules/services/colord.te | 1 + 2 files changed, 2 insertions(+) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 37d3b990..c82360e6 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -406,6 +406,7 @@ ifdef(`distro_suse',` # /usr/lib # +/usr/lib/iscan/network -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te index 145a4eb8..25283e47 100644 --- a/policy/modules/services/colord.te +++ b/policy/modules/services/colord.te @@ -49,6 +49,7 @@ kernel_request_load_module(colord_t) # reads *.ini files corecmd_exec_bin(colord_t) +corecmd_exec_shell(colord_t) corenet_all_recvfrom_unlabeled(colord_t) corenet_all_recvfrom_netlabel(colord_t) -- 2.47.3
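Review bot: The new `/usr/lib/iscan/network` entry in corecommands.fc assigns the generic `bin_t` type, so the helper runs with no domain transition in whichever domain executes it, and every domain that already has `corecmd_exec_bin` can now run it. Judging by the commit subject, the intended caller is colord, in which case the helper's network activity is bounded only by colord_t's own rules. If that is the intent, record it next to the entry with a comment such as `# iscan helper, executed in the caller's domain (no transition)`. Also note that the `--` specifier matches regular files only, so confirm the packaged path is not a symlink. The file-context list continues outside the hunk.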
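Review bot: `corecmd_exec_shell(colord_t)` in colord.te lets the daemon run a shell inside colord_t with no transition, so anything started through that shell inherits the domain's full permission set, including the `corenet_*` rules visible just below. The only nearby comment, `# reads *.ini files`, explains neither this rule nor `corecmd_exec_bin`, and the commit message does not say which program needs the shell. Add a why-comment above the new line, for example `# <helper name> is started through the shell; see <bug reference>`, so the grant can be audited and narrowed later. The surrounding policy block starts and ends outside the hunk.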