From 183f79e38ec40f1296b9bf6b1569ce9a908b408d Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Mar 04 2010 19:12:41 +0000
Subject: Fix cobbler_admin interface to require cobblerd_initrc_exec_t.


As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

---

diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 1f2c492..8ce15ef 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -161,7 +161,7 @@ interface(`cobbler_manage_lib_files',`
 interface(`cobblerd_admin',`
 	gen_require(`
 		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
-		type cobbler_etc_t;
+		type cobbler_etc_t, cobblerd_initrc_exec_t;
 	')
 
 	allow $1 cobblerd_t:process { ptrace signal_perms getattr };