From 08d7c7339bf9f859d32522e1be6117553334660d Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mar 22 2010 14:47:41 +0000
Subject: Sysstat patch from Dan Walsh.


---

diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te
index c920653..9260316 100644
--- a/policy/modules/services/sysstat.te
+++ b/policy/modules/services/sysstat.te
@@ -1,5 +1,5 @@
 
-policy_module(sysstat, 1.5.0)
+policy_module(sysstat, 1.5.1)
 
 ########################################
 #
@@ -19,14 +19,15 @@ logging_log_file(sysstat_log_t)
 # Local policy
 #
 
-allow sysstat_t self:capability { sys_resource sys_tty_config };
+allow sysstat_t self:capability { dac_override sys_resource sys_tty_config };
 dontaudit sysstat_t self:capability sys_admin;
 allow sysstat_t self:fifo_file rw_fifo_file_perms;
 
 can_exec(sysstat_t, sysstat_exec_t)
 
+manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
 manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
-read_lnk_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
+manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
 logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
 
 # get info from /proc