From 24ea653911e33aa95d91de71416b7aecd148e8d8 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Sep 25 2010 11:07:04 +0000
Subject: Allow guest to run ps command on its processes by allowing it to read /proc


---

diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
index 321e5a7..f332441 100644
--- a/policy/modules/roles/guest.te
+++ b/policy/modules/roles/guest.te
@@ -9,6 +9,8 @@ role guest_r;
 
 userdom_restricted_user_template(guest)
 
+kernel_read_system_state(guest_t)
+
 ########################################
 #
 # Local policy