smokeping patch from Dan Walsh

"smokeping tries to read shadow"

policy/modules/services/smokeping.if

@@ -5,9 +5,9 @@
 ##	Execute a domain transition to run smokeping.
 ## </summary>
 ## <param name="domain">
-## <summary>
+##	<summary>
 ##	Domain allowed to transition.
-## </summary>
+##	</summary>
 ## </param>
 #
 interface(`smokeping_domtrans',`

policy/modules/services/smokeping.te

@@ -23,6 +23,7 @@ files_type(smokeping_var_lib_t)
 # smokeping local policy
 #
 
+dontaudit smokeping_t self:capability { dac_read_search dac_override };
 allow smokeping_t self:fifo_file rw_fifo_file_perms;
 allow smokeping_t self:udp_socket create_socket_perms;
 allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
@@ -44,6 +45,7 @@ files_read_usr_files(smokeping_t)
 files_search_tmp(smokeping_t)
 
 auth_use_nsswitch(smokeping_t)
+auth_dontaudit_read_shadow(smokeping_t)
 
 logging_send_syslog_msg(smokeping_t)
 
@@ -63,6 +65,7 @@ optional_policy(`
 
 	allow httpd_smokeping_cgi_script_t self:udp_socket create_socket_perms;
 
+	manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
 	manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
 
 	getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)