From 000366f005610f288045c7377d46813c6dab7bce Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Oct 10 2012 12:21:35 +0000 Subject: - tuned wants to getattr on all filesystems - tuned needs also setsched. The build is needed for test day --- diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch index 0efbdda..0bc8f5f 100644 --- a/policy_contrib-rawhide.patch +++ b/policy_contrib-rawhide.patch @@ -64607,7 +64607,7 @@ index 54b8605..a04f013 100644 admin_pattern($1, tuned_var_run_t) ') diff --git a/tuned.te b/tuned.te -index db9d2a5..3a15a1c 100644 +index db9d2a5..805473b 100644 --- a/tuned.te +++ b/tuned.te @@ -12,6 +12,12 @@ init_daemon_domain(tuned_t, tuned_exec_t) @@ -64623,14 +64623,14 @@ index db9d2a5..3a15a1c 100644 type tuned_log_t; logging_log_file(tuned_log_t) -@@ -22,34 +28,51 @@ files_pid_file(tuned_var_run_t) +@@ -22,34 +28,52 @@ files_pid_file(tuned_var_run_t) # # tuned local policy # - +allow tuned_t self:capability { sys_admin sys_nice }; dontaudit tuned_t self:capability { dac_override sys_tty_config }; -+allow tuned_t self:process signal; ++allow tuned_t self:process { setsched signal }; +allow tuned_t self:fifo_file rw_fifo_file_perms; +allow tuned_t self:udp_socket create_socket_perms; + @@ -64672,9 +64672,10 @@ index db9d2a5..3a15a1c 100644 -files_read_etc_files(tuned_t) files_read_usr_files(tuned_t) files_dontaudit_search_home(tuned_t) ++files_list_tmp(tuned_t) -logging_send_syslog_msg(tuned_t) -+fs_getattr_xattr_fs(tuned_t) ++fs_getattr_all_fs(tuned_t) -miscfiles_read_localization(tuned_t) +auth_use_nsswitch(tuned_t) @@ -64683,7 +64684,7 @@ index db9d2a5..3a15a1c 100644 userdom_dontaudit_search_user_home_dirs(tuned_t) -@@ -58,6 +81,14 @@ optional_policy(` +@@ -58,6 +82,14 @@ optional_policy(` fstools_domtrans(tuned_t) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index a90b733..0f94bcb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
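Review bot: `files_list_tmp(tuned_t)`, added in the `@@ -64672,9 +64672,10 @@` hunk, is not mentioned in the commit subject or the new changelog entry, which name only getattr on all filesystems and setsched, so the reason tuned_t needs to list /tmp is not recorded. The same policy already grants tuned_t `sys_admin` and `sys_nice`, so each extra permission should be traceable to the AVC denial that prompted it. If the daemon only needs to traverse /tmp, `files_search_tmp(tuned_t)` would be the narrower grant; if the access is an incidental probe, `files_dontaudit_list_tmp(tuned_t)` would silence the denial without allowing it. The widening from `fs_getattr_xattr_fs` to `fs_getattr_all_fs` in that hunk is at least described in the message; a matching changelog line such as `- Allow tuned to list /tmp` would document the /tmp rule as well. The surrounding tuned.te rules are only partly visible in these hunks, so an existing justification elsewhere in the file cannot be ruled out.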
@@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.11.1 -Release: 34%{?dist} +Release: 35%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -521,6 +521,10 @@ SELinux Reference policy mls base module. %endif %changelog +* Wed Oct 10 2012 Miroslav Grepl 3.11.1-35 +- tuned wants to getattr on all filesystems +- tuned needs also setsched. The build is needed for test day + * Wed Oct 10 2012 Miroslav Grepl 3.11.1-34 - Add policy for qemu-qa - Allow razor to write own config files