From 023d2472d77a30a935654cebb96ad2d4fbd5f5e7 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Mar 23 2017 21:04:43 +0000
Subject: and we needed a te that parsed
---
diff --git a/nrpe.te b/nrpe.te
index ca1a1fb..cf032ea 100644
--- a/nrpe.te
+++ b/nrpe.te
@@ -5,27 +5,25 @@ require {
 type fsadm_exec_t;
 type hostname_exec_t;
 type hwdata_t;
- type tmp_t;
 type nrpe_t;
- type mount_exec_t;
+ type scsi_generic_device_t;
+ type tmp_t;
 class capability { sys_admin sys_rawio };
- class blk_file { read getattr open ioctl };
+ class chr_file { ioctl open read write };
+ class dir { add_name remove_name search write };
+ class file { create execute getattr open read unlink write };
 class unix_dgram_socket sendto;
- class chr_file { read write ioctl open };
- class dir { write remove_name search add_name };
- class file { execute read create execute_no_trans write getattr unlink open };
- }
+}
 #============= nrpe_t ==============
-allow nrpe_t fsadm_exec_t:file { read getattr open execute };
+allow nrpe_t fsadm_exec_t:file { execute getattr open read };
 allow nrpe_t hostname_exec_t:file execute;
 allow nrpe_t hwdata_t:dir search;
-allow nrpe_t hwdata_t:file { read getattr open };
-allow nrpe_t mount_exec_t:file getattr;
-allow nrpe_t scsi_generic_device_t:chr_file { read write ioctl open };
-allow nrpe_t self:capability { sys_rawio sys_admin };
+allow nrpe_t hwdata_t:file { getattr open read };
+allow nrpe_t scsi_generic_device_t:chr_file { ioctl open read write };
+allow nrpe_t self:capability { sys_admin sys_rawio };
 allow nrpe_t self:unix_dgram_socket sendto;
-allow nrpe_t tmp_t:dir { write remove_name add_name };
+allow nrpe_t tmp_t:dir { add_name remove_name write };
 allow nrpe_t tmp_t:file unlink;
-allow nrpe_t tmp_t:file { write create open };
+allow nrpe_t tmp_t:file { create open write };
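Review bot: The rules `allow nrpe_t self:capability { sys_admin sys_rawio };` and `allow nrpe_t scsi_generic_device_t:chr_file { ioctl open read write };` give the whole network-facing nrpe_t domain CAP_SYS_ADMIN plus raw SCSI command access, and nothing in the file records which check needs them. Because `fsadm_exec_t` is granted only `execute` here, with no `execute_no_trans` and no transition visible in the hunk, the helper presumably runs inside nrpe_t itself; confining it to a dedicated plugin domain would keep these privileges out of the daemon. At minimum, add a comment above the two rules such as `# needed by <CHECK_NAME>; drop when that check is removed`. The `tmp_t:dir` and `tmp_t:file` rules also let nrpe_t create and unlink files under the shared tmp_t label rather than a private temporary type, which deserves a follow-up. The module declaration sits above line 5, outside the hunk.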