From fb7966dd3b66856fb0d421927b3c7342f20db29d Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 5 Dec 2011 12:28:21 +0100
Subject: [PATCH] More fixes for rhev_agentd_t consolehelper policy  * Allow
 dbus chat with unconfined, unconfined_dbusd_t  * Backport RHEL6 fixes

---
 policy/modules/services/rhev.te | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/rhev.te b/policy/modules/services/rhev.te
index 6c383561..d3473e67 100644
--- a/policy/modules/services/rhev.te
+++ b/policy/modules/services/rhev.te
@@ -73,9 +73,29 @@ optional_policy(`
 ')
 
 optional_policy(`
-	userhelper_console_role_template(rhev_agentd, system_r, rhev_agentd_t)
+   xserver_dbus_chat_xdm(rhev_agentd_t)
 ')
 
+######################################
+#
+# rhev_agentd_t consolehelper local policy
+#
+
 optional_policy(`
-   xserver_dbus_chat_xdm(rhev_agentd_t)
+	userhelper_console_role_template(rhev_agentd, system_r, rhev_agentd_t)
+
+	allow rhev_agentd_consolehelper_t rhev_agentd_log_t:file append;
+
+	can_exec(rhev_agentd_consolehelper_t, rhev_agentd_exec_t)
+	kernel_read_system_state(rhev_agentd_consolehelper_t)
+
+	term_use_virtio_console(rhev_agentd_consolehelper_t)
+
+	optional_policy(`
+		dbus_session_bus_client(rhev_agentd_consolehelper_t)
+	')
+
+	optional_policy(`
+		unconfined_dbus_chat(rhev_agentd_consolehelper_t)
+	')
 ')
-- 
2.47.3