[icecream] selinux: fix daemons running as unconfined_service_t

[Michal Schmidt]

commit 840a0cef2193704184dbbdd25bc7f8d6a25cf0c3
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Fri Dec 12 14:04:18 2014 +0100

    selinux: fix daemons running as unconfined_service_t
    
    Need to label the shell wrappers used in ExecStart to avoid transition
    to unconfined_service_t (from which there's no transition to the proper
    daemon domain).

 icecream.fc |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/icecream.fc b/icecream.fc
index 849c95a..7566fcc 100644
--- a/icecream.fc
+++ b/icecream.fc
@@ -1,5 +1,7 @@
-/usr/sbin/iceccd			--	gen_context(system_u:object_r:iceccd_exec_t,s0)
-/usr/sbin/icecc-scheduler		--	gen_context(system_u:object_r:icecc_scheduler_exec_t,s0)
-/usr/bin/icecc-create-env		--	gen_context(system_u:object_r:iceccd_createenv_exec_t,s0)
-/var/cache/icecream(/.*)?			gen_context(system_u:object_r:iceccd_cache_t,s0)
-/var/run/icecc(/.*)?				gen_context(system_u:object_r:iceccd_var_run_t,s0)
+/usr/sbin/iceccd                           -- gen_context(system_u:object_r:iceccd_exec_t,s0)
+/usr/libexec/icecc/iceccd-wrapper          -- gen_context(system_u:object_r:iceccd_exec_t,s0)
+/usr/sbin/icecc-scheduler                  -- gen_context(system_u:object_r:icecc_scheduler_exec_t,s0)
+/usr/libexec/icecc/icecc-scheduler-wrapper -- gen_context(system_u:object_r:icecc_scheduler_exec_t,s0)
+/usr/bin/icecc-create-env                  -- gen_context(system_u:object_r:iceccd_createenv_exec_t,s0)
+/var/cache/icecream(/.*)?                     gen_context(system_u:object_r:iceccd_cache_t,s0)
+/var/run/icecc(/.*)?                          gen_context(system_u:object_r:iceccd_var_run_t,s0)