From e0bbc8fe6eb46e0f07afac2ddd5f79f4a37281d6 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Fri, 18 Jul 2014 20:03:55 +0000
Subject: [PATCH] And.. talk to the sock.

---
 .../base/files/selinux/fi-collectd.mod        | Bin 1636 -> 1899 bytes
 .../base/files/selinux/fi-collectd.pp         | Bin 1652 -> 1915 bytes
 .../base/files/selinux/fi-collectd.te         |   5 ++++-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/collectd/base/files/selinux/fi-collectd.mod b/roles/collectd/base/files/selinux/fi-collectd.mod
index 83b8da15db99f07383dd7956e595c6f56312630e..fddd083c844de9c6f47e966b1d34700bd29e5042 100644
GIT binary patch
delta 381
zcmZ9Iy-EW?6ou#BnbB;RXv75riDWwsq_D6zL0>@7ZefYCD?v$?&1jw0E}QcJYL~_$
zy^WonkD!H>R`wP$F+}vhX})_o_vg)gtc+T;o45TnC4_L6;zue^8u@WKzu6<sU$Px<
z&Pj-cod*5W^C;<F#LM%-S!_GjW;mpyk`_WZ7hN!jH}OmcQ>qnDy1mFctU=rub8R&p
z*nSo#gUGs31mdc9)ybmlvKLvjb%2z8?a~NS-k>t>cneJ#=%s&bBx_^#@xW%@bjuZ_
ztVrQr)@Q7Wq4Lp^1&@Ug^*;gouv|vS1q`J^pehJe1%Wh}D1$H6B!y32#}gYj0~7U1
c3fKCe<Q8B21CM%}G~RVG<G-h*>?36J4On|uEC2ui

delta 254
zcmX|%ze>Yk97TWszRwb3Nok-3QxZo<ajqyh7AI#5f&n|U(&hyO-5c)i8z?x7;OZOb
zP^C}@5hrmJC5XLn;Bq+c^+h<{;jMBvZYUA`Q%%c!gQcAAGnX%8obkb`5m7}zM1oD}
z;D<w;OX81ChW#SIrM8et4Lzx2&Pi}ODMsVte9|w_@EPtbX2Y|r;Z56k(g;^B#<$j3
zu&wFRu4{%@j_@Jj(p_l63U7Z^*D}XMl;TF3=vsuChP;An*Qy@Atc{t=STS&)tT^<0
Qxb+De9(|4ni*PUY3&<ozN&o-=

diff --git a/roles/collectd/base/files/selinux/fi-collectd.pp b/roles/collectd/base/files/selinux/fi-collectd.pp
index ea6ef6d3808b6d0da382fce1c50ad899ea669100..8e9f6d9132c7ca0e3a50eab7433d974cceabcd43 100644
GIT binary patch
delta 383
zcmZ9Iy-EW?6ou#BnbB;R=q@f8$V$>_z#@gEV4)9?fc+9>SAt6-n=y3?A0W%A?D7U`
zm&PK!jh&sofsK_mGBHH-z-hjFIrrzod~HnHbWn7{KnWq7rTCF5M$IDei@PJ@;yrJ9
zOHM+p>@*ylU&d)KOV*c#i^O)V&C#XPiWWjRmt8Od-oYyw%qc3L_4=`OSR>#je2zA+
zhIWuA=`gl#79rr8H|pkbe%+5PI=X=|huXyv=DbZl9(WgrvZ2@hv8jyUbBHH4%dUH_
zV$6yZ9%X&OYM7`HZCUbI2vPr&aEu%Fk#PwVsnAkYWU7jmG?*y^qxVUH<Q87oxEYwK
dH&VFOCl$B(>LYm8d!+HH(*^&%Wy~QmHs3iiSYQAE

delta 254
zcmX|%&q@MO97cct?p21-CLB^|!fDwmq9+jADg`YCAxLOrp+k$FqRUtNo}f1<XdOaZ
z-=G#2Q7s~b7$QG7@Nqal_0RZnpLfGSx~fF<PdN?eTP)$G#~j|q2z*#GA}Wc9NYIfD
ztVoP2$^6mDXi!AB)h4#3ioVqG&RKLeDNe`7!^xn)rq408lnt-4j&E(@MHAe)6g8`|
zpr`Gn-O(IhoM0jG(p_uDiZ%PIx|Ta8qBb6+fvzQ(Ys?kgyJq>|TnlrTv*N;iuwvx*
Q@aQu(Jo_PLmf%V37s>2JJpcdz

diff --git a/roles/collectd/base/files/selinux/fi-collectd.te b/roles/collectd/base/files/selinux/fi-collectd.te
index 51bc23d090..d071220e01 100644
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@@ -1,11 +1,13 @@
 
-module fi-collectd 1.3;
+module fi-collectd 1.4;
 
 require {
+	type var_run_t;
 	type bin_t;
 	type configfs_t;
 	type pstorefs_t;
 	type collectd_t;
+	class sock_file getattr;
 	class capability { setuid dac_read_search sys_ptrace setgid dac_override };
 	class file { read execute execute_no_trans };
 	class dir getattr;
@@ -16,3 +18,4 @@ allow collectd_t bin_t:file { execute execute_no_trans };
 allow collectd_t configfs_t:dir getattr;
 allow collectd_t pstorefs_t:dir getattr;
 allow collectd_t self:capability { setuid dac_read_search sys_ptrace setgid dac_override };
+allow collectd_t var_run_t:sock_file getattr;