Nut policy from Dan Walsh

Dropped optional policy for shutdown_domtrans
Dropped commented can_exec line

policy/modules/services/nut.te

@@ -29,7 +29,8 @@ files_pid_file(nut_var_run_t)
 # Local policy for upsd
 #
 
-allow nut_upsd_t self:capability { setgid setuid };
+allow nut_upsd_t self:capability { setgid setuid dac_override };
+
 allow nut_upsd_t self:unix_dgram_socket { create_socket_perms sendto };
 allow nut_upsd_t self:tcp_socket connected_stream_socket_perms;
 
@@ -86,6 +87,7 @@ corenet_tcp_connect_generic_port(nut_upsmon_t)
 # Creates /etc/killpower
 files_manage_etc_runtime_files(nut_upsmon_t)
 files_etc_filetrans_etc_runtime(nut_upsmon_t, file)
+files_search_usr(nut_upsmon_t)
 
 # /usr/bin/wall
 term_write_all_terms(nut_upsmon_t)
@@ -100,6 +102,8 @@ auth_use_nsswitch(nut_upsmon_t)
 
 miscfiles_read_localization(nut_upsmon_t)
 
+mta_send_mail(nut_upsmon_t)
+
 ########################################
 #
 # Local policy for upsdrvctl
@@ -149,5 +153,15 @@ optional_policy(`
 
 	read_files_pattern(httpd_nutups_cgi_script_t, nut_conf_t, nut_conf_t)
 
+	corenet_all_recvfrom_unlabeled(httpd_nutups_cgi_script_t)
+	corenet_all_recvfrom_netlabel(httpd_nutups_cgi_script_t)
+	corenet_tcp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
+	corenet_tcp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
+	corenet_tcp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
 	corenet_tcp_connect_ups_port(httpd_nutups_cgi_script_t)
+	corenet_udp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
+	corenet_udp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
+	corenet_udp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
+
+	sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
 ')