From 38debf208cf4f48ea8ae3b2932abc22ed87f7e0b Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Mon, 10 Nov 2014 17:26:47 +0000
Subject: [PATCH] Update fi-collectd selinux module.

---
 .../base/files/selinux/fi-collectd.mod | Bin 2185 -> 2214 bytes
 .../base/files/selinux/fi-collectd.pp | Bin 2201 -> 2230 bytes
 .../base/files/selinux/fi-collectd.te | 8 ++++----
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/collectd/base/files/selinux/fi-collectd.mod b/roles/collectd/base/files/selinux/fi-collectd.mod
index f7115c007385bfec60e78b0033f0b726a211208f..4af2e74cdae4c41cd40c424381b65b4cc535cf8d 100644
GIT binary patch delta 150 zcmeAaTqZcdij$Rrfx%GEQqORrV~`4n1HvGXmYI{v4y0LtIJF`*xwHh#WtzO7QA|Yu zCdW(MN?g4Dc?*RC@$%5PrB{G5@Ick(P2`N@&YJd+Qy?wFj& fCNbHQjc0N{6UXGeY&MhsGRjP1cie2p?#&1QPFE!A delta 152 zcmZ1`*eN){ii4Sffx%GE!eO!?yYR$tJ7*9dgh3!JGbfcDNHYO(YDH>tX-O&zkjV(d zMX8A?0zew16e<;;mmgnJl$ck%@$+>iMz+cNEY6$xSe7udg0wSC=4X};F!*gY5lfLbGC
diff --git a/roles/collectd/base/files/selinux/fi-collectd.te b/roles/collectd/base/files/selinux/fi-collectd.te
index cce9f1e52d..d00778c309 100644
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@@ -1,5 +1,5 @@
 
-module fi-collectd 1.8;
+module fi-collectd 1.9.1;
 
 require {
 type shell_exec_t;
@@ -11,14 +11,14 @@ require {
 class sock_file { read write getattr };
 class unix_stream_socket connectto;
 class capability { setuid dac_read_search sys_ptrace setgid dac_override };
-class file { read execute execute_no_trans };
+class file { read getattr open execute execute_no_trans };
 class dir getattr;
 }
 
 #============= collectd_t ==============
-allow collectd_t bin_t:file { execute execute_no_trans };
+allow collectd_t bin_t:file { read getattr open execute execute_no_trans };
 allow collectd_t configfs_t:dir getattr;
 allow collectd_t init_t:unix_stream_socket connectto;
 allow collectd_t self:capability { setuid dac_read_search sys_ptrace setgid dac_override };
 allow collectd_t var_run_t:sock_file { read write getattr };
-allow collectd_t shell_exec_t:file execute;
+allow collectd_t shell_exec_t:file { read open execute };
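Review bot: The new `allow collectd_t shell_exec_t:file { read open execute };` grants `execute` without `getattr` or `execute_no_trans`, unlike the `bin_t` rule a few lines above it. Unless a domain transition for the shell is defined elsewhere, the exec will probably still be denied and lead to another round of widening. `execute_no_trans` on `bin_t` means anything collectd launches from a `bin_t` file stays in `collectd_t`, with the `dac_override`, `dac_read_search`, `sys_ptrace` and `setuid`/`setgid` capabilities this module already allows. The file should therefore say what needs the access, for example a comment `# needed by <plugin or script name>: exec of a helper script` above the two rules. The compiled `fi-collectd.mod` and `fi-collectd.pp` in this patch cannot be checked against the `.te` in review; building them from the source at deploy time would keep the loaded policy traceable to these lines.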