[selinux-policy: 2912/3172] Allow a couple of sandbox issues. Remove postgresql managing of etc_files, until I find out why it is

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:19:15 UTC 2010


commit c2dae98501c8259e1b6f6c59de6326d9d3678d40
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Sep 14 10:02:43 2010 -0400

    Allow a couple of sandbox issues.
    Remove postgresql managing of etc_files, until I find out why it is needed.
    Dontaudit leaks from rpm to mount

 policy/modules/apps/sandbox.te        |    7 +++++++
 policy/modules/services/postgresql.te |    3 +--
 policy/modules/system/mount.te        |    1 +
 3 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
index 942bb30..2251b02 100644
--- a/policy/modules/apps/sandbox.te
+++ b/policy/modules/apps/sandbox.te
@@ -262,6 +262,13 @@ optional_policy(`
 	hal_dbus_chat(sandbox_x_client_t)
 ')
 
+
+allow sandbox_web_t self:process setsched;
+
+optional_policy(`
+	nsplugin_read_rw_files(sandbox_web_t)
+')
+
 ########################################
 #
 # sandbox_web_client_t local policy
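Review bot: The two new rules for sandbox_web_t are undocumented and misplaced: they sit between the trailing optional_policy block for sandbox_x_client_t and the "sandbox_web_client_t local policy" header, so they belong to neither section. Please move them into the sandbox_web_t local policy section and add a one-line comment saying what needs `self:process setsched` and why the sandbox must read nsplugin rw files, since the commit message only says "a couple of sandbox issues". The hunk also adds a second blank line after the existing one; drop the extra `+` blank line.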
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index a5b6508..0ed1671 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -251,8 +251,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
 domain_use_interactive_fds(postgresql_t)
 
 files_dontaudit_search_home(postgresql_t)
-files_manage_etc_files(postgresql_t)
-files_search_etc(postgresql_t)
+files_read_etc_files(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 
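Review bot: Dropping `files_search_etc(postgresql_t)` together with the manage interface leaves `files_read_etc_files(postgresql_t)` as the only etc_t access, so please confirm that interface also grants the directory search the removed line provided. The narrowing from manage to read is the right direction for least privilege, but the commit message calls it provisional ("until I find out why it is needed"); a short comment next to `files_read_etc_files` recording that manage access was removed on purpose would keep it from being restored without a justifying AVC.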
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 1f8fee9..0fcd4e7 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -283,6 +283,7 @@ optional_policy(`
 # for kernel package installation
 optional_policy(`
 	rpm_rw_pipes(mount_t)
+	rpm_dontaudit_leaks(mount_t)
 ')
 
 optional_policy(`
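Review bot: `rpm_dontaudit_leaks(mount_t)` is added under the existing comment "# for kernel package installation", which explains `rpm_rw_pipes` but not why denials are being silenced. A dontaudit rule hides the denials from the audit log, which makes later troubleshooting of mount_t harder, so please add a comment naming what rpm leaks into mount (the commit message only says "leaks from rpm to mount") so the suppression can be revisited if the leak is fixed on the rpm side.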