From 99712f1228856c8855882b450540b77e96595da0 Mon Sep 17 00:00:00 2001
From: Michal Schmidt
Date: Aug 18 2009 21:46:08 +0000
Subject: - SELinux policy: Allow untrusted binaries to getattr all filesystems. (BSD process accounting does vfs_getattr() to check disk space.)
---
diff --git a/icecream.spec b/icecream.spec
index 950eca3..5f4e276 100644
--- a/icecream.spec
+++ b/icecream.spec
@@ -11,7 +11,7 @@ Name: icecream
 Version: 0.9.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Distributed compiler
 Group: Development/Tools
@@ -233,6 +233,10 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/icecc.pc
 %changelog
+* Mon Aug 17 2009 Michal Schmidt 0.9.4-4
+- SELinux policy: Allow untrusted binaries to getattr all filesystems.
+ (BSD process accounting does vfs_getattr() to check disk space.)
+
 * Fri Aug 14 2009 Michal Schmidt 0.9.4-3
 - Create the logfile for the scheduler in the initscript.
 - Allow the scheduler to write to the log in the SELinux policy (BZ#517251).
diff --git a/icecream.te b/icecream.te
index 9548436..289b2fb 100644
--- a/icecream.te
+++ b/icecream.te
@@ -1,5 +1,5 @@
-policy_module(icecream,0.1.3)
+policy_module(icecream,0.1.4)
 ########################################
 #
@@ -183,6 +183,8 @@ manage_files_pattern(iceccd_untrusted_t, iceccd_cache_t, iceccd_cache_t)
 can_exec(iceccd_untrusted_t, iceccd_cache_t)
+fs_getattr_all_fs(iceccd_untrusted_t)
+
 ########################################
 #
 # icecc_scheduler policy
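Review bot: The added `fs_getattr_all_fs(iceccd_untrusted_t)` in the last icecream.te hunk widens the domain that the changelog itself describes as running untrusted binaries, yet the policy file carries no comment explaining why; the reason is recorded only in the commit subject and the %changelog entry. I would put it next to the rule, e.g. `# Needed by BSD process accounting, which does vfs_getattr() to check disk space.`, so a later policy audit does not have to dig through package history before deciding whether the grant can be dropped. The permission covers every filesystem type; if the accounting file only ever lives on one kind of filesystem, a narrower interface such as `fs_getattr_xattr_fs` may be sufficient, which is worth checking against the AVC denials that prompted the change. The surrounding iceccd_untrusted_t rules begin outside the hunk, so other grants to this domain are not visible here.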