Bugzilla Bug 495212 - selinux messages from startup/ install

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@505 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 6 insertions, 2 deletions

diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 5b8e89ebe..277faaec9 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -177,6 +177,9 @@ template(`pki_ca_template',`
 	allow $1_t self:unix_dgram_socket { write create connect };
 	allow $1_t syslogd_t:unix_dgram_socket sendto;
 
+       #allow sending mail
+       corenet_tcp_connect_smtp_port($1_t)
+
 ')
 
 ########################################
@@ -487,7 +490,8 @@ template(`pki_tps_template',`
 
         allow pki_tps_t lib_t:file execute_no_trans;
 
-        allow pki_tps_t self:capability { setuid sys_nice setgid dac_override };
+        #fowner needed for chmod
+        allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner};
         allow pki_tps_t self:process { setsched signal getsched  signull execstack execmem};
         allow pki_tps_t self:sem all_sem_perms;
         allow pki_tps_t self:tcp_socket create_stream_socket_perms;
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 169dc0ef1..ae17c2520 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.7)
+policy_module(pki,1.0.8)
 
 attribute pki_ca_config;
 attribute pki_ca_executable;