From 517618f0b4b9fd69e8796ba4e33b1987741d0dfa Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 2 May 2007 17:55:03 +0000
Subject: [PATCH] Patch to dontaudit logrotate searching avahi pid directory
 from Dan Walsh.

---
 Changelog                        |  3 ++-
 policy/modules/admin/logwatch.te |  6 +++++-
 policy/modules/services/avahi.if | 18 ++++++++++++++++++
 policy/modules/services/avahi.te |  2 +-
 4 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/Changelog b/Changelog
index f6bcd1c2..e0f27c97 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,6 @@
+- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
-  to handle usage from userhelper.
+  to handle usage from userhelper from Dan Walsh.
 - Patch to allow amavis to read spamassassin libraries from Dan Walsh.
 - Patch to allow slocate to getattr other filesystems and directories on those
   filesystems from Dan Walsh.
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
index 9bcf82e3..f92c331b 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -1,5 +1,5 @@
 
-policy_module(logwatch,1.4.0)
+policy_module(logwatch,1.4.1)
 
 #################################
 #
@@ -94,6 +94,10 @@ optional_policy(`
 	apache_read_log(logwatch_t)
 ')
 
+optional_policy(`
+	avahi_dontaudit_search_pid(logwatch_t)
+')
+
 optional_policy(`
 	bind_read_config(logwatch_t)
 	bind_read_zone(logwatch_t)
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
index 5eaf2ad5..2889825e 100644
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@@ -39,3 +39,21 @@ interface(`avahi_stream_connect',`
 	files_search_pids($1)
 	stream_connect_pattern($1,avahi_var_run_t,avahi_var_run_t,avahi_t)
 ')
+
+########################################
+## <summary>
+##	Do not audit attempts to search the avahi pid directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`avahi_dontaudit_search_pid',`
+	gen_require(`
+		type avahi_var_run_t;
+	')
+
+	dontaudit $1 avahi_var_run_t:dir search_dir_perms;
+')
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index d5e722c6..20b67d3e 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
 
-policy_module(avahi,1.5.0)
+policy_module(avahi,1.5.1)
 
 ########################################
 #