From 83c739d179411a10dd3ebd634fd1c2f6b9bc3e3b Mon Sep 17 00:00:00 2001
From: Michal Schmidt
Date: Mar 13 2008 00:09:06 +0000
Subject: - Minor SELinux policy fix.
---
diff --git a/icecream.spec b/icecream.spec
index 81ec931..bb288af 100644
--- a/icecream.spec
+++ b/icecream.spec
@@ -13,7 +13,7 @@ Name: icecream
 Version: 0.8.0
-Release: 10.20080117svn%{?dist}
+Release: 11.20080117svn%{?dist}
 Summary: Distributed compiler
 Group: Development/Tools
@@ -182,8 +182,8 @@ for selinuxvariant in %{selinux_variants}; do
 %{_datadir}/selinux/${selinuxvariant}/icecream.pp 2>/dev/null ||:
 done
 fixfiles -R %{name} restore ||:
-restorecon -R %{_localstatedir}/cache/icecream ||:
-restorecon %{_localstatedir}/log/iceccd ||:
+restorecon -R %{_localstatedir}/cache/icecream 2>/dev/null ||:
+restorecon %{_localstatedir}/log/iceccd 2>/dev/null ||:
 semanage port -a -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
 semanage port -a -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
 semanage port -a -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
@@ -250,6 +250,9 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/icecc.pc
 %changelog
+* Thu Mar 13 2008 Michal Schmidt - 0.8.0-11.20080117svn
+- Minor SELinux policy fix.
+
 * Sun Feb 10 2008 Michal Schmidt - 0.8.0-10.20080117svn
 - Compile fix (added missing #includes).
 - Conditional building of SELinux policy and documentation.
diff --git a/icecream.te b/icecream.te
index 9aff760..6d35d1a 100644
--- a/icecream.te
+++ b/icecream.te
@@ -65,7 +65,7 @@ allow iceccd_t self:capability { chown dac_override fsetid kill };
 allow iceccd_t self:capability { setgid setuid };
 allow iceccd_t self:capability { sys_chroot };
-allow iceccd_t iceccd_untrusted_t:process { siginh rlimitinh noatsecure };
+allow iceccd_t iceccd_untrusted_t:process { siginh rlimitinh noatsecure signal };
 allow iceccd_helper_t iceccd_t:process { sigchld };
 allow iceccd_helper_t iceccd_log_t:file { append };
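Review bot: In the icecream.spec hunk at -182, the two `restorecon` lines now discard stderr on top of the existing `||:`, so a failed relabel of the cache directory or the log file leaves no trace in the install output. The policy in icecream.te refers to types such as `iceccd_cache_t` and `iceccd_log_t`, which presumably label these paths, so a silent mislabel would only show up later as denials that are hard to tie back to the install step. If the errors are expected because the paths may not exist when the scriptlet runs, record that above the two lines, for example `# paths may be absent at install time; restorecon errors are expected and ignored`. The scriptlet itself starts before the hunk.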
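Review bot: The widened rule `allow iceccd_t iceccd_untrusted_t:process { siginh rlimitinh noatsecure signal };` in icecream.te carries no comment saying which daemon action needs the new permission, and the commit message only says "Minor SELinux policy fix". The `signal` permission covers signals other than SIGKILL, SIGSTOP and SIGCHLD, so if iceccd ever stops a job with SIGKILL this rule would still be denied and `sigkill` would have to be listed too; which signal the daemon sends is not visible in this diff. A one-line comment above the rule, such as `# iceccd signals its job processes: <signal and reason>`, would let the next reviewer check that the grant is no wider than needed.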
@@ -75,10 +75,11 @@ allow iceccd_helper_t iceccd_tmp_t:file { execute }; # rly needed?
 allow iceccd_helper_t iceccd_t:udp_socket { read write };
+allow iceccd_untrusted_t self:fifo_file { read write getattr };
+allow iceccd_untrusted_t self:process { signal };
 allow iceccd_untrusted_t iceccd_t:process { sigchld };
 allow iceccd_untrusted_t iceccd_t:fifo_file { write };
 allow iceccd_untrusted_t iceccd_t:unix_stream_socket { read write getattr };
-allow iceccd_untrusted_t self:fifo_file { read write getattr };
 allow iceccd_untrusted_t iceccd_cache_t:dir { search getattr write add_name remove_name };
 allow iceccd_untrusted_t iceccd_cache_t:file { execute_no_trans write unlink create };
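Review bot: The added `allow iceccd_untrusted_t self:process { signal };` matches every process labelled iceccd_untrusted_t, not just a process and its own children, so type enforcement alone no longer stops one untrusted job from signalling another. Whether that is reachable depends on the DAC side, that is, whether separate jobs run under the same uid, which this hunk does not show. A comment above the rule should state what needs it and what keeps jobs apart, for example `# compiler processes signal their own children; separation between jobs relies on <mechanism>`. The `self:fifo_file` rule is only moved up and is unchanged.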