From c36f75cb4a2fa662849f7e7503a31e66088cdcce Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Aug 14 2009 12:51:28 +0000 Subject: - Create the logfile for the scheduler in the initscript. - Allow the scheduler to write to the log in the SELinux policy (BZ#517251). --- diff --git a/icecream.fc b/icecream.fc index aac0f3b..808cfcc 100644 --- a/icecream.fc +++ b/icecream.fc @@ -3,3 +3,4 @@ /var/cache/icecream(/.*)? gen_context(system_u:object_r:iceccd_cache_t,s0) /var/log/iceccd -- gen_context(system_u:object_r:iceccd_log_t,s0) /usr/sbin/icecc-scheduler -- gen_context(system_u:object_r:icecc_scheduler_exec_t,s0) +/var/log/icecc[-_]scheduler -- gen_context(system_u:object_r:icecc_scheduler_log_t,s0) diff --git a/icecream.spec b/icecream.spec index 3c820a6..950eca3 100644 --- a/icecream.spec +++ b/icecream.spec @@ -11,7 +11,7 @@ Name: icecream Version: 0.9.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Distributed compiler Group: Development/Tools @@ -233,6 +233,10 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/icecc.pc %changelog +* Fri Aug 14 2009 Michal Schmidt 0.9.4-3 +- Create the logfile for the scheduler in the initscript. +- Allow the scheduler to write to the log in the SELinux policy (BZ#517251). + * Fri Jul 24 2009 Fedora Release Engineering - 0.9.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild diff --git a/icecream.te b/icecream.te index b16b880..9548436 100644 --- a/icecream.te +++ b/icecream.te @@ -41,6 +41,9 @@ type icecc_scheduler_t; type icecc_scheduler_exec_t; init_daemon_domain(icecc_scheduler_t, icecc_scheduler_exec_t) +type icecc_scheduler_log_t; +logging_log_file(icecc_scheduler_log_t) + ######################################## # # iceccd_untrusted declarations 
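Review bot: In icecream.fc the new entry `/var/log/icecc[-_]scheduler` labels only the two default file names, while the initscript changed in this same commit takes the path from `ICECREAM_SCHEDULER_LOG_FILE`. For any other path the `restorecon` call would apply whatever context matches that location, and the confined scheduler would presumably be denied access to its own log. That is a safe failure but a confusing one. A comment above the entry would help, e.g. `# Default log paths only; a custom ICECREAM_SCHEDULER_LOG_FILE needs its own rule (semanage fcontext -a -t icecc_scheduler_log_t <path>)`.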
@@ -188,6 +191,9 @@ can_exec(iceccd_untrusted_t, iceccd_cache_t) allow icecc_scheduler_t self:tcp_socket create_stream_socket_perms; allow icecc_scheduler_t self:udp_socket create_socket_perms; +manage_files_pattern(icecc_scheduler_t, icecc_scheduler_log_t, icecc_scheduler_log_t) +logging_log_filetrans(icecc_scheduler_t, icecc_scheduler_log_t, file) + corenet_all_recvfrom_unlabeled(icecc_scheduler_t) corenet_all_recvfrom_netlabel(icecc_scheduler_t) corenet_tcp_sendrecv_generic_if(icecc_scheduler_t) diff --git a/initscript-scheduler b/initscript-scheduler index b39770d..595a12e 100644 --- a/initscript-scheduler +++ b/initscript-scheduler @@ -30,15 +30,16 @@ start() { [ -x $exec ] || exit 5 [ -f $config ] || exit 6 echo -n $"Starting distributed compiler scheduler: " - params="" + netname= if [ -n "$ICECREAM_NETNAME" ] ; then - params="$params -n $ICECREAM_NETNAME" + netname="-n $ICECREAM_NETNAME" fi logfile=${ICECREAM_SCHEDULER_LOG_FILE:-/var/log/icecc-scheduler} - params="$params -l $logfile" -# touch "$logfile" -# chown icecream:icecream $logfile - daemon --user icecream --check $service $exec -d $params + touch "$logfile" + chown icecream:icecream "$logfile" + chmod 0640 "$logfile" + [ -x /sbin/restorecon ] && /sbin/restorecon "$logfile" + daemon --user icecream --check $service $exec -d -l "$logfile" $netname RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $lockfile
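Review bot: `manage_files_pattern(icecc_scheduler_t, icecc_scheduler_log_t, icecc_scheduler_log_t)` in the second icecream.te hunk grants the scheduler more than a log writer needs. The manage set includes unlink, rename and plain write, so a compromised scheduler could rewrite or delete its own log. If the daemon opens the log in append mode (not visible in this diff), the narrower pair `append_files_pattern(...)` and `create_files_pattern(...)` with the same three arguments would keep logging working while protecting existing entries. The `logging_log_filetrans` line can stay as it is.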
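Review bot: The new `touch`, `chown` and `chmod` lines in initscript-scheduler run as root on a path taken from `ICECREAM_SCHEDULER_LOG_FILE`, and all three follow symbolic links. With the default under /var/log this is harmless, but if the variable points into a directory the icecream user can write to, a symlink left there would make root hand ownership of the link target to icecream. A guard before the `touch`, such as `[ -L "$logfile" ] && exit 1`, together with `chown -h icecream:icecream "$logfile"`, narrows that; the exit status of `touch` is also ignored, so a failed creation only shows up when the daemon cannot log. start() continues past the end of the hunk.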