From cf3da950841713f75208499c9ad4d2d868de134c Mon Sep 17 00:00:00 2001
From: Jeremy Solt <jsolt@tresys.com>
Date: Thu, 4 Mar 2010 14:03:59 -0500
Subject: [PATCH] Allow cdrecord_t to execute bin_t from Dan Walsh growisofs
 executes mkisofs

---
 policy/modules/apps/cdrecord.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index f09ab37f3..b438827cf 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -32,6 +32,9 @@ allow cdrecord_t self:process { getcap getsched setsched sigkill };
 allow cdrecord_t self:unix_dgram_socket create_socket_perms;
 allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
 
+# growisofs uses mkisofs
+corecmd_exec_bin(cdrecord_t) 
+
 # allow searching for cdrom-drive
 dev_list_all_dev_nodes(cdrecord_t) 
 dev_read_sysfs(cdrecord_t)