Call init_domain() in addition to init_daemon_domain(), this adds permissions needed...

[selinux.git] / q3a / q3a.te

diff --git a/q3a/q3a.te b/q3a/q3a.te
index ef9da68..4872be1 100644 (file)
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.23)
+policy_module(q3a, 0.1.25)
 
 # File context for the executable process
 type q3a_t;
@@ -12,6 +12,7 @@ files_type(q3a_ro_t)
 
 _sky_files_use_tmp(q3a_t, q3a_tmp_t)
 
+init_domain(q3a_t, q3a_exec_t)
 init_daemon_domain(q3a_t, q3a_exec_t)
 
 corenet_udp_sendrecv_generic_port(q3a_t)
@@ -19,6 +20,7 @@ corenet_udp_bind_generic_port(q3a_t)
 corenet_udp_bind_generic_node(q3a_t)
 
 read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+list_dirs_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
 
 allow q3a_t q3a_ro_t:dir list_dir_perms;
 allow q3a_t q3a_ro_t:file read_file_perms;