From 13bae06f358907c3abc9e8cf5c7a4dd3b63f394c Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 10 Oct 2014 11:43:42 +0200
Subject: [PATCH 2/3] ALlow sanlock to send a signal to virtd_t.

---
 sanlock.te |  1 +
 virt.if    | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/sanlock.te b/sanlock.te
index b144d40..c60eacd 100644
--- a/sanlock.te
+++ b/sanlock.te
@@ -119,6 +119,7 @@ optional_policy(`
 optional_policy(`
 	virt_kill_svirt(sanlock_t)
 	virt_kill(sanlock_t)
+    virt_signal(sanlock_t)
 	virt_manage_lib_files(sanlock_t)
 	virt_signal_svirt(sanlock_t)
 ')
diff --git a/virt.if b/virt.if
index 88dcafb..7f53dd7 100644
--- a/virt.if
+++ b/virt.if
@@ -989,6 +989,24 @@ interface(`virt_kill',`
 
 ########################################
 ## <summary>
+##	Send a signal to virtd daemon.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`virt_signal',`
+	gen_require(`
+		type virtd_t;
+	')
+
+	allow $1 virtd_t:process signal;
+')
+
+########################################
+## <summary>
 ##	Send a signal to virtual machines
 ## </summary>
 ## <param name="domain">
-- 
2.1.0