Subject: [PATCH] refpolicy: services_podsleuth changes
--text follows this line--
--- nsaserefpolicy/policy/modules/services/podsleuth.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.4.1/policy/modules/services/podsleuth.fc 2008-05-27 07:34:21.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/podsleuth.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.4.1/policy/modules/services/podsleuth.if 2008-05-27 07:34:21.000000000 -0400
@@ -0,0 +1,54 @@
+
+## policy for podsleuth
+
+########################################
+##
+## Execute a domain transition to run podsleuth.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`podsleuth_domtrans',`
+ gen_require(`
+ type podsleuth_t;
+ type podsleuth_exec_t;
+ ')
+
+ domtrans_pattern($1,podsleuth_exec_t,podsleuth_t)
+')
+
+
+########################################
+##
+## Execute podsleuth in the podsleuth domain, and
+## allow the specified role the podsleuth domain.
+##
+##
+##
+## Domain allowed access
+##
+##
+##
+##
+## The role to be allowed the podsleuth domain.
+##
+##
+##
+##
+## The type of the role's terminal.
+##
+##
+#
+interface(`podsleuth_run',`
+ gen_require(`
+ type podsleuth_t;
+ ')
+
+ podsleuth_domtrans($1)
+ role $2 types podsleuth_t;
+ dontaudit podsleuth_t $3:chr_file rw_term_perms;
+')
+
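Review bot: The last rule of podsleuth_run is `dontaudit podsleuth_t $3:chr_file rw_term_perms;`, which gives podsleuth_t no access to the terminal passed as the third parameter and also hides the resulting denials from the audit log. If podsleuth is meant to read and write the caller's terminal, the rule should be `allow podsleuth_t $3:chr_file rw_term_perms;`. If the silencing is deliberate, the parameter description should say so, for example `## The type of the role's terminal; access to it is dontaudited, not allowed.`, so callers do not expect terminal I/O to work. Hiding these denials also removes a signal that someone debugging or monitoring the domain would otherwise see in the AVC records.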
--- nsaserefpolicy/policy/modules/services/podsleuth.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.4.1/policy/modules/services/podsleuth.te 2008-05-27 07:45:08.000000000 -0400
@@ -0,0 +1,37 @@
+policy_module(podsleuth,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type podsleuth_t;
+type podsleuth_exec_t;
+application_domain(podsleuth_t, podsleuth_exec_t)
+role system_r types podsleuth_t;
+
+########################################
+#
+# podsleuth local policy
+#
+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
+
+## internal communication is often done using fifo and unix sockets.
+allow podsleuth_t self:fifo_file rw_file_perms;
+allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
+
+dev_read_urand(podsleuth_t)
+
+kernel_read_system_state(podsleuth_t)
+
+files_read_etc_files(podsleuth_t)
+
+libs_use_ld_so(podsleuth_t)
+libs_use_shared_libs(podsleuth_t)
+
+miscfiles_read_localization(podsleuth_t)
+
+mono_exec(podsleuth_t)
+
+hal_dbus_chat(podsleuth_t)
+dbus_system_bus_client_template(podsleuth,podsleuth_t)
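Review bot: The first rule of the local policy, `allow podsleuth_t self:process { ptrace signal getsched execheap execmem };`, grants ptrace, execheap and execmem with no comment explaining why each is needed. execmem is plausibly required by the Mono runtime's JIT, but execheap and ptrace weaken the memory-protection and process-isolation guarantees of the domain and should only stay if observed denials show podsleuth fails without them. Unless that evidence exists, I would narrow the rule to `allow podsleuth_t self:process { signal getsched execmem };` and put a comment above it such as `# execmem: the mono runtime generates code at run time`. If ptrace or execheap prove necessary, add them back in a separate rule with the denial that motivated them noted in a comment.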