From a2524cfa77395ef91e318a24722326b4f906e932 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Fri, 7 May 2010 10:09:07 -0400
Subject: [PATCH] cobbler patch from Dan Walsh
---
 policy/modules/services/cobbler.if | 4 +++-
 policy/modules/services/cobbler.te | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 8ce15efac..a9de45a16 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -173,9 +173,11 @@ interface(`cobblerd_admin',`
 files_list_var_lib($1)
 admin_pattern($1, cobbler_var_lib_t)
- files_search_var_log($1)
+ logging_search_logs($1)
 admin_pattern($1, cobbler_var_log_t)
+ admin_pattern($1, httpd_cobbler_content_rw_t)
+ cobblerd_initrc_domtrans($1)
 domain_system_change_exemption($1)
 role_transition $2 cobblerd_initrc_exec_t system_r;
diff --git a/policy/modules/services/cobbler.te b/policy/modules/services/cobbler.te
index a267c2f44..ca5c2b631 100644
--- a/policy/modules/services/cobbler.te
+++ b/policy/modules/services/cobbler.te
@@ -40,6 +40,7 @@ allow cobblerd_t self:process { getsched setsched signal };
 allow cobblerd_t self:fifo_file rw_fifo_file_perms;
 allow cobblerd_t self:tcp_socket create_stream_socket_perms;
+list_dirs_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)
 read_files_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)
 manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
@@ -68,6 +69,8 @@ corenet_tcp_sendrecv_generic_port(cobblerd_t)
 dev_read_urand(cobblerd_t)
+# read /etc/nsswitch.conf
+files_read_etc_files(cobblerd_t)
 files_read_usr_files(cobblerd_t)
 files_list_boot(cobblerd_t)
 files_list_tmp(cobblerd_t)
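Review bot: In cobbler.if, the new `admin_pattern($1, httpd_cobbler_content_rw_t)` inside `cobblerd_admin` references a type that this same patch first creates through `apache_content_template(cobbler)` in cobbler.te, yet the only cobbler.if hunk starts at line 173 and none of its added lines touches a `gen_require` block. The interface's require block lies outside the hunk, so this cannot be confirmed from here, but unless it already lists the type, the interface needs `type httpd_cobbler_content_rw_t;` added to its `gen_require`. The change also extends what the admin role may manage to content that httpd serves, so the interface's summary comment should mention the web content alongside the lib and log types.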
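Review bot: In cobbler.te, hunk `@@ -68,6 +69,8 @@`, the comment `# read /etc/nsswitch.conf` names a single file, while `files_read_etc_files(cobblerd_t)` grants read on every file carrying the generic etc label. The comment should state the real scope of the grant, for example `# read generic /etc files, needed for /etc/nsswitch.conf`, so a later reviewer does not take it for a single-file permission. If name-service lookup is the only need, `auth_use_nsswitch(cobblerd_t)` would express that intent more directly, though whether it covers the denial that motivated this line would have to be checked against the original AVC.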
@@ -119,3 +122,12 @@ optional_policy(`
 optional_policy(`
 tftp_manage_rw_content(cobblerd_t)
 ')
+
+########################################
+#
+# Cobbler web local policy.
+#
+
+apache_content_template(cobbler)
+manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
+manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
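Review bot: `apache_content_template(cobbler)` is called at the top level of cobbler.te, whereas the `tftp_manage_rw_content(cobblerd_t)` call just above it sits inside `optional_policy`, so the cobbler module now appears to depend unconditionally on the apache module. If that hard dependency is intended, the section header should say so, e.g. `# Cobbler web local policy (requires the apache module).` The two `manage_*_pattern` lines also give cobblerd_t create and write access to content that httpd serves. A one-line comment stating why the daemon must modify that content would let reviewers judge whether the grant is as narrow as it can be.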