Call init_domain() in addition to init_daemon_domain(), this adds permissions needed...

[selinux.git] / tesseract / tesseract.te

diff --git a/tesseract/tesseract.te b/tesseract/tesseract.te
index ee16447..9a7d54c 100644 (file)
--- a/tesseract/tesseract.te
+++ b/tesseract/tesseract.te
@@ -1,4 +1,4 @@
-policy_module(tesseract, 0.1.3)
+policy_module(tesseract, 0.1.5)
 
 # File context for the executable process
 type tesseract_t;
@@ -10,6 +10,7 @@ files_type(tesseract_rw_t)
 type tesseract_ro_t;
 files_type(tesseract_ro_t)
 
+init_domain(tesseract_t, tesseract_exec_t)
 init_daemon_domain(tesseract_t, tesseract_exec_t)
 
 corenet_udp_sendrecv_generic_port(tesseract_t)
@@ -17,5 +18,6 @@ corenet_udp_bind_generic_port(tesseract_t)
 corenet_udp_bind_generic_node(tesseract_t)
 
 read_files_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
+list_dirs_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
 
 sysnet_dns_name_resolve(tesseract_t)