From f9dc34aadbc9147bf1a52e54d8db274b48c2a004 Mon Sep 17 00:00:00 2001
From: Richard Su
Date: Tue, 30 Sep 2014 10:33:06 -0700
Subject: [PATCH] Custom SELinux policy for rhsmcertd

Policy update to fix rhsmcertd denials on RHEL. This is needed until the RHEL selinux-policy package is updated.

Change-Id: Ief542a442b8206ad59c1aa055307df213597b532
Partial-Bug: 1375532
---
 .../tripleo-selinux-rhsmcertd.te | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 elements/selinux/custom-policies/tripleo-selinux-rhsmcertd.te

diff --git a/elements/selinux/custom-policies/tripleo-selinux-rhsmcertd.te b/elements/selinux/custom-policies/tripleo-selinux-rhsmcertd.te
new file mode 100644
index 000000000..456c76b6f
--- /dev/null
+++ b/elements/selinux/custom-policies/tripleo-selinux-rhsmcertd.te
@@ -0,0 +1,19 @@
+
+module tripleo-selinux-rhsmcertd 1.0;
+
+require {
+ type rhsmcertd_t;
+ type user_home_t;
+ type rpm_var_lib_t;
+ class capability dac_override;
+ class file create;
+ class dir { write getattr add_name };
+}
+
+#============= rhsmcertd_t ==============
+# https://bugzilla.redhat.com/show_bug.cgi?id=1144165
+# https://bugs.launchpad.net/tripleo/+bug/1375532
+allow rhsmcertd_t rpm_var_lib_t:dir { write add_name };
+allow rhsmcertd_t rpm_var_lib_t:file create;
+allow rhsmcertd_t self:capability dac_override;
+allow rhsmcertd_t user_home_t:dir getattr;
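Review bot: The rule `allow rhsmcertd_t self:capability dac_override;` is the broadest grant in this module, and nothing in the file records which access made it necessary. dac_override lets the domain bypass Unix owner/mode checks on every object its type-enforcement rules already reach, and a denial for it often points to wrong ownership or mode on a path rather than a real need. Please record the denied path and mode in a comment above the rule (for example `# dac_override: <path and mode from the AVC in rhbz 1144165>`), or fix the ownership instead if that is the cause. The `user_home_t:dir getattr` rule looks like a side effect of the daemon's working directory or a mislabelled path. If the access is not functionally required, `dontaudit rhsmcertd_t user_home_t:dir getattr;` would silence the denial without granting it.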