From dcbbeeada390736c2e3b956012c6559f32bc1113 Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Sep 15 2010 15:42:28 +0000
Subject: Access to get attributes of target accountsd_t domain is included with ps_process_pattern.


Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.

Access to get attributes of target asterisk_t domain is included with ps_process_pattern.

Permission to get attributes of target automount_t domain is included with ps_process_pattern.

Access to get attributes of target ntpd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

---

diff --git a/policy/modules/services/accountsd.if b/policy/modules/services/accountsd.if
index c0f858d..b46f76f 100644
--- a/policy/modules/services/accountsd.if
+++ b/policy/modules/services/accountsd.if
@@ -138,7 +138,7 @@ interface(`accountsd_admin',`
 		type accountsd_t;
 	')
 
-	allow $1 accountsd_t:process { ptrace signal_perms getattr };
+	allow $1 accountsd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, accountsd_t)
 
 	accountsd_manage_lib_files($1)
diff --git a/policy/modules/services/arpwatch.if b/policy/modules/services/arpwatch.if
index c804110..bdefbe1 100644
--- a/policy/modules/services/arpwatch.if
+++ b/policy/modules/services/arpwatch.if
@@ -137,7 +137,7 @@ interface(`arpwatch_admin',`
 		type arpwatch_initrc_exec_t;
 	')
 
-	allow $1 arpwatch_t:process { ptrace signal_perms getattr };
+	allow $1 arpwatch_t:process { ptrace signal_perms };
 	ps_process_pattern($1, arpwatch_t)
 
 	arpwatch_initrc_domtrans($1)
diff --git a/policy/modules/services/asterisk.if b/policy/modules/services/asterisk.if
index 8b8143e..c1a2b96 100644
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
@@ -64,7 +64,7 @@ interface(`asterisk_admin',`
 		type asterisk_initrc_exec_t;
 	')
 
-	allow $1 asterisk_t:process { ptrace signal_perms getattr };
+	allow $1 asterisk_t:process { ptrace signal_perms };
 	ps_process_pattern($1, asterisk_t)
 
 	init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if
index bba047d..f384848 100644
--- a/policy/modules/services/automount.if
+++ b/policy/modules/services/automount.if
@@ -150,7 +150,7 @@ interface(`automount_admin',`
 		type automount_var_run_t, automount_initrc_exec_t;
 	')
 
-	allow $1 automount_t:process { ptrace signal_perms getattr };
+	allow $1 automount_t:process { ptrace signal_perms };
 	ps_process_pattern($1, automount_t)
 
 	init_labeled_script_domtrans($1, automount_initrc_exec_t)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index e80f8c0..6b240d9 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -144,7 +144,7 @@ interface(`ntp_admin',`
 		type ntpd_initrc_exec_t;
 	')
 
-	allow $1 ntpd_t:process { ptrace signal_perms getattr };
+	allow $1 ntpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ntpd_t)
 
 	init_labeled_script_domtrans($1, ntpd_initrc_exec_t)