Christopher J. PeBenito wrote:
> On Fri, 2007-04-20 at 14:54 -0400, dwalsh@redhat.com wrote:
>
>> --- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-04-10 12:52:58.000000000 -0400
>> +++ serefpolicy-2.5.12/policy/modules/admin/logwatch.te 2007-04-11 17:07:34.000000000 -0400
>> @@ -95,6 +95,10 @@
>> ')
>>
>> optional_policy(`
>> + avahi_dontaudit_search_pid(logwatch_t)
>> +')
>> +
>> +optional_policy(`
>> bind_read_config(logwatch_t)
>> bind_read_zone(logwatch_t)
>> ')
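Review bot: the new optional_policy block silences the directory search denial on avahi_var_run_t rather than granting it, which is only right if logwatch merely walks past the avahi pid directory and never needs its contents; if logwatch actually reads files there, an allow-style interface is needed and this dontaudit would hide the remaining denial from anyone debugging it. Also consider placing the avahi block so the optional_policy blocks stay in alphabetical order with the bind block that follows.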
>> --- nsaserefpolicy/policy/modules/services/avahi.if 2007-01-02 12:57:43.000000000 -0500
>> +++ serefpolicy-2.5.12/policy/modules/services/avahi.if 2007-04-11 17:07:34.000000000 -0400
>> @@ -39,3 +39,22 @@
>> files_search_pids($1)
>> stream_connect_pattern($1,avahi_var_run_t,avahi_var_run_t,avahi_t)
>> ')
>> +
>> +########################################
>> +##
>> +## Do not audit attempts to search the AVAHI pid directory.
>> +##
>> +##
>> +##
>> +## Domain allowed access.
>> +##
>> +##
>> +#
>> +interface(`avahi_dontaudit_search_pid',`
>> + gen_require(`
>> + type avahi_var_run_t;
>> + ')
>> +
>> + dontaudit $1 avahi_var_run_t:dir search_dir_perms;
>> +')
>> +
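Review bot: the documentation header for avahi_dontaudit_search_pid has bare `## ` lines where the summary and parameter markup for the domain argument should sit, so the interface description will not render in the generated docs; fill in the summary and the `Domain allowed access.` parameter block in the same form as the other interfaces in avahi.if. The rule itself (`dontaudit $1 avahi_var_run_t:dir search_dir_perms;`) matches the interface name and the existing avahi_var_run_t usage above it.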
>> --- nsaserefpolicy/policy/modules/services/avahi.te 2007-03-20 23:38:05.000000000 -0400
>> +++ serefpolicy-2.5.12/policy/modules/services/avahi.te 2007-04-18 16:04:51.000000000 -0400
>> @@ -105,3 +105,7 @@
>> optional_policy(`
>> udev_read_db(avahi_t)
>> ')
>> +
>> +optional_policy(`
>> + samba_stream_connect_winbind(avahi_t)
>> +')
>>
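Review bot: samba_stream_connect_winbind(avahi_t) grants a direct connection to the winbind socket, but the denial is more likely a side effect of name-service lookups going through nsswitch than of avahi itself talking to samba; the generic nsswitch interface is the better fit for this access, since winbind is only one of the backends nsswitch may route lookups to.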
>
> Merged except for this last part. I can't find any reference in the
> avahi code or wiki for it connecting to winbind.
>
>
Right, turns out avahi uses nsswitch, and this is causing the avc.
Attached patch to switch to using nsswitch.