atop: add more missing permissions for the new version

policy/modules/atop.fc

@@ -2,6 +2,7 @@
 
 /usr/bin/atop			-- 	gen_context(system_u:object_r:atop_exec_t,s0)
 /usr/share/atop/atop.wrapper	--	gen_context(system_u:object_r:atop_exec_t,s0)
+/usr/share/atop/atop.daily	--	gen_context(system_u:object_r:atop_exec_t,s0)
 
 /var/log/atop(/.*)?			gen_context(system_u:object_r:atop_var_log_t,s0)
 

policy/modules/atop.te

@@ -1,4 +1,4 @@
-policy_module(atop, 0.1.11)
+policy_module(atop, 0.1.12)
 
 ########################################
 #
@@ -30,13 +30,12 @@ files_type(atop_var_cache_t)
 #
 
 allow atop_t atop_exec_t:file execute_no_trans;
-allow atop_t self:capability { setuid sys_nice sys_resource ipc_lock sys_pacct dac_override };
-allow atop_t self:process { setsched sigkill setrlimit };
+allow atop_t self:capability { setuid sys_nice sys_resource ipc_lock sys_pacct dac_override net_raw sys_ptrace };
+allow atop_t self:process { setsched sigkill setrlimit setpgid };
 allow atop_t self:sem { write read create unix_write unix_read };
 allow atop_t self:udp_socket { create ioctl };
 allow atop_t self:sem associate;
-allow atop_t self:capability sys_ptrace;
-allow atop_t self:rawip_socket create;
+allow atop_t self:rawip_socket { create getopt };
 
 manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
 append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
@@ -61,7 +60,7 @@ optional_policy(`
 	gen_require(`
 		type initrc_t;
 	')
-	allow atop_t initrc_t:sem associate;
+	allow atop_t initrc_t:sem { read unix_write write associate };
 ')
 
 userdom_getattr_user_home_dirs(atop_t)
@@ -85,3 +84,5 @@ miscfiles_read_localization(atop_t)
 dev_getattr_lvm_control(atop_t)
 
 cron_system_entry(atop_t, atop_exec_t)
+
+init_read_utmp(atop_t)