From 5f04c91f303595716b0faa7f007a7aa2208c0ff4 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Mon, 28 Jun 2010 10:34:17 -0400
Subject: [PATCH] gitosis patch from Dan Walsh
---
 policy/modules/apps/gitosis.fc | 2 ++
 policy/modules/apps/gitosis.if | 2 +-
 policy/modules/apps/gitosis.te | 11 ++++++++---
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/policy/modules/apps/gitosis.fc b/policy/modules/apps/gitosis.fc
index 75fa0fa1..7e90e453 100644
--- a/policy/modules/apps/gitosis.fc
+++ b/policy/modules/apps/gitosis.fc
@@ -1,3 +1,5 @@
 /usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0)
 /var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff --git a/policy/modules/apps/gitosis.if b/policy/modules/apps/gitosis.if
index a4f34916..e898b911 100644
--- a/policy/modules/apps/gitosis.if
+++ b/policy/modules/apps/gitosis.if
@@ -62,7 +62,7 @@ interface(`gitosis_read_lib_files',`
 files_search_var_lib($1)
 read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
- list_dirs_pattern(%1, gitosis_var_lib_t, gitosis_var_lib_t)
+ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 ')
 ######################################
diff --git a/policy/modules/apps/gitosis.te b/policy/modules/apps/gitosis.te
index 5e6f8590..46b3cbd0 100644
--- a/policy/modules/apps/gitosis.te
+++ b/policy/modules/apps/gitosis.te
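Review bot: The two added entries in gitosis.fc give gitolite's `/usr/bin/gl-auth-command` and `/var/lib/gitolite` the existing gitosis types, and nothing in the file records that two different tools are meant to share one executable type and one data type. Every rule written for `gitosis_var_lib_t`, including callers of `gitosis_read_lib_files` in gitosis.if, now also reaches whatever gitolite keeps under that directory, and both programs presumably run in the same domain. If the sharing is deliberate, a comment above the new lines such as `# gitolite reuses the gitosis executable and data types` would say so; otherwise separate types would keep a flaw in one tool from exposing the other's repositories. Paths that already exist keep their old labels until they are relabelled, e.g. with `restorecon -R /var/lib/gitolite`.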
@@ -25,12 +25,17 @@ manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-corecmd_exec_bin(gitosis_t)
-corecmd_exec_shell(gitosis_t)
-
 kernel_read_system_state(gitosis_t)
+corecmd_exec_bin(gitosis_t)
+corecmd_exec_shell(gitosis_t)
+
+dev_read_urand(gitosis_t)
+
+files_read_etc_files(gitosis_t)
 files_read_usr_files(gitosis_t)
 files_search_var_lib(gitosis_t)
 miscfiles_read_localization(gitosis_t)
+
+sysnet_read_config(gitosis_t)
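Review bot: The added `dev_read_urand(gitosis_t)`, `files_read_etc_files(gitosis_t)` and `sysnet_read_config(gitosis_t)` calls widen `gitosis_t` without any comment saying which program needs them. Because the same patch labels gitolite's gl-auth-command `gitosis_exec_t`, the grants presumably serve gitolite, yet gitosis-serve receives them too, on top of the `corecmd_exec_shell` and `corecmd_exec_bin` access the domain already holds. I would put a one-line justification above each new call, e.g. `# gl-auth-command: resolver configuration (confirm against AVC denials)` before `sysnet_read_config(gitosis_t)`, so that a later audit can tell required access from leftovers. If only gitolite needs them, a separate domain for it would avoid enlarging what a compromised gitosis-serve can read.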