Allow users to ptrace and send any signal to their pyzor agent.

Allow users to ptrace and send any signal to their razor agent.

policy/modules/services/pyzor.if

@@ -28,7 +28,7 @@ interface(`pyzor_role',`
 
 	# allow ps to show pyzor and allow the user to kill it 
 	ps_process_pattern($2, pyzor_t)
-	allow $2 pyzor_t:process signal;
+	allow $2 pyzor_t:process { ptrace signal_perms };
 ')
 
 ########################################

policy/modules/services/razor.if

@@ -131,7 +131,7 @@ interface(`razor_role',`
 
 	# allow ps to show razor and allow the user to kill it 
 	ps_process_pattern($2, razor_t)
-	allow $2 razor_t:process signal;
+	allow $2 razor_t:process { ptrace signal_perms };
 
 	manage_dirs_pattern($2, razor_home_t, razor_home_t)
 	manage_files_pattern($2, razor_home_t, razor_home_t)