Moment of truth, added ossec_exec_t for ossec-control

ossec.fc

@@ -18,6 +18,8 @@
 /var/ossec/etc(/.*)?                      gen_context(system_u:object_r:ossec_etc_t,s0)
 /var/ossec/rules(/.*)?                    gen_context(system_u:object_r:ossec_rule_t,s0)
 
-/var/ossec/bin(/.*)?                      gen_context(system_u:object_r:ossec_bin_t,s0)
+/var/ossec/bin(/.*)?                      gen_context(system_u:object_r:bin_t,s0)
 /var/ossec/active-response(/.*)?          gen_context(system_u:object_r:ossec_script_t,s0)
 
+/var/ossec/bin/ossec-control     --       gen_context(system_u:object_r:ossec_exec_t,s0)
+

ossec.te

@@ -1,5 +1,5 @@
 
-policy_module(ossec,1.0.6)
+policy_module(ossec,1.0.11)
 
 ########################################
 #
@@ -53,6 +53,7 @@ require {
 	type ossec_stats_t;
 	type ossec_queue_t;
 	type ossec_script_t;
+	type httpd_t;
 	class file { rename read lock create write getattr unlink open append };
 	class dir { write getattr read remove_name create add_name };
 }
@@ -63,3 +64,19 @@ require {
 # ossec local policy
 #
 
+
+#============= ossec_t ==============
+
+
+#============= httpd_t ==============
+allow httpd_t ossec_log_t:dir { read };
+allow httpd_t ossec_log_t:file { open read getattr };
+
+allow httpd_t ossec_queue_t:dir { read };
+allow httpd_t ossec_queue_t:file { open read getattr };
+
+allow httpd_t ossec_stats_t:dir { read };
+allow httpd_t ossec_stats_t:file { open read getattr };
+
+
+