From bf066a6d3a95e039a3d30d5d8de7bc8a29edbc46 Mon Sep 17 00:00:00 2001
From: Alexander Miroshnichenko
Date: Wed, 10 Jul 2019 11:21:54 +0300
Subject: [PATCH] Update selinux-knot policy
---
 sec-policy/selinux-knot/files/knot.if | 6 +++---
 sec-policy/selinux-knot/files/knot.te | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/sec-policy/selinux-knot/files/knot.if b/sec-policy/selinux-knot/files/knot.if
index cde5b5e..93285a9 100644
--- a/sec-policy/selinux-knot/files/knot.if
+++ b/sec-policy/selinux-knot/files/knot.if
@@ -38,7 +38,7 @@ interface(`knot_domtrans_client',`
 #
 interface(`knot_run_client',`
 gen_require(`
- attribute_role knot_roles;
+ attribute_role knot_roles;
 ')
 knot_domtrans_client($1)
@@ -87,9 +87,9 @@ interface(`knot_admin',`
 type knot_runtime_t, knot_tmp_t, knot_var_lib_t;
 ')
- allow $2 knotc_t:process signal_perms;
+ allow $1 knotc_t:process signal_perms;
 allow $1 knotd_t:process { ptrace signal_perms };
- ps_process_pattern($2, knotc_t)
+ ps_process_pattern($1, knotc_t)
 ps_process_pattern($1, knotd_t)
 init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t)
diff --git a/sec-policy/selinux-knot/files/knot.te b/sec-policy/selinux-knot/files/knot.te
index 95056b0..b203f4c 100644
--- a/sec-policy/selinux-knot/files/knot.te
+++ b/sec-policy/selinux-knot/files/knot.te
@@ -136,6 +136,6 @@ optional_policy(`
 type sysadm_t;
 ')
- knot_admin(sysadm_r, sysadm_t)
- knot_run_client(sysadm_r, sysadm_t)
+ knot_admin(sysadm_t, sysadm_r)
+ knot_run_client(sysadm_t, sysadm_r)
 ')
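Review bot: On the new side of the `knot_admin` hunk, `allow $1 knotd_t:process { ptrace signal_perms };` still gives every admin domain passed as `$1` ptrace over the daemon, while the corrected `knotc_t` rule beside it grants only `signal_perms`. ptrace lets the caller read and alter the daemon's memory, which for a DNS server presumably includes zone-signing key material, so it is worth confirming that administration needs it; if not, `allow $1 knotd_t:process signal_perms;` covers signalling alongside the existing `init_startstop_service` call. With `$1` now consistently the domain and `$2` the role, the interface's parameter documentation above the hunk should state that order explicitly. `knot_admin` begins before and continues past this hunk, so the rest of its body is not reviewed here.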
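Review bot: The two calls at the end of this `optional_policy` block rely on an argument order that m4 does not check, and nothing in the file records it; a one-line comment above them such as `# knot_admin/knot_run_client take (domain, role)` would keep a later edit from swapping them back. The visible part of `gen_require` lists only `type sysadm_t;`, and the block starts above the hunk, so confirm it also declares `role sysadm_r;`, which both calls pass as the role argument.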