Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern. Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 10:20:36 +02:00 · 2010-09-15 10:20:36 +02:00 · 39e118bc15
commit 39e118bc15
parent 1215dfb87c
8 changed files with 28 additions and 28 deletions
--- a/policy/modules/services/afs.if
+++ b/policy/modules/services/afs.if
@ -97,8 +97,8 @@ interface(`afs_admin',`
 		type afs_t, afs_initrc_exec_t;
 	')

-	allow $1 afs_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, afs_t, afs_t)
+	allow $1 afs_t:process { ptrace signal_perms };
+	ps_process_pattern($1, afs_t)

 	# Allow afs_admin to restart the afs service
 	afs_initrc_domtrans($1)
--- a/policy/modules/services/boinc.if
+++ b/policy/modules/services/boinc.if
@ -138,8 +138,8 @@ interface(`boinc_admin',`
 		type boinc_var_lib_t;
 	')

-	allow $1 boinc_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, boinc_t, boinc_t)
+	allow $1 boinc_t:process { ptrace signal_perms };
+	ps_process_pattern($1, boinc_t)

 	boinc_initrc_domtrans($1)
 	domain_system_change_exemption($1)
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@ -191,8 +191,8 @@ interface(`cobblerd_admin',`
 		type httpd_cobbler_content_rw_t;
 	')

-	allow $1 cobblerd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, cobblerd_t, cobblerd_t)
+	allow $1 cobblerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cobblerd_t)

 	files_search_etc($1)
 	admin_pattern($1, cobbler_etc_t)
--- a/policy/modules/services/exim.if
+++ b/policy/modules/services/exim.if
@ -235,8 +235,8 @@ interface(`exim_admin', `
 		type exim_tmp_t, exim_spool_t,  exim_var_run_t;
 	')

-	allow $1 exim_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, exim_t, exim_t)	
+	allow $1 exim_t:process { ptrace signal_perms };
+	ps_process_pattern($1, exim_t)

 	exim_initrc_domtrans($1)
 	domain_system_change_exemption($1)
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@ -249,8 +249,8 @@ interface(`plymouthd_admin', `
 		type plymouthd_var_run_t;
 	')

-	allow $1 plymouthd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, plymouthd_t, plymouthd_t)
+	allow $1 plymouthd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, plymouthd_t)

 	files_search_var_lib($1)
 	admin_pattern($1, plymouthd_spool_t)
--- a/policy/modules/services/portreserve.if
+++ b/policy/modules/services/portreserve.if
@ -105,8 +105,8 @@ interface(`portreserve_admin', `
 		type portreserve_initrc_exec_t, portreserve_var_run_t;
 	')

-	allow $1 portreserve_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1,  portreserve_t,  portreserve_t)
+	allow $1 portreserve_t:process { ptrace signal_perms };
+	ps_process_pattern($1, portreserve_t)
 	
 	portreserve_initrc_domtrans($1)
 	domain_system_change_exemption($1)
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@ -691,26 +691,26 @@ interface(`postfix_admin', `
 		type postfix_map_tmp_t, postfix_prng_t, postfix_public_t;
 	')

-	allow $1 postfix_bounce_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_bounce_t, postfix_bounce_t)
+	allow $1 postfix_bounce_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_bounce_t)

-	allow $1 postfix_cleanup_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_cleanup_t, postfix_cleanup_t)
+	allow $1 postfix_cleanup_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_cleanup_t)

-	allow $1 postfix_local_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_local_t, postfix_local_t)
+	allow $1 postfix_local_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_local_t)

-	allow $1 postfix_master_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_master_t, postfix_master_t)
+	allow $1 postfix_master_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_master_t)

-	allow $1 postfix_pickup_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_pickup_t, postfix_pickup_t)
+	allow $1 postfix_pickup_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_pickup_t)

-	allow $1 postfix_qmgr_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_qmgr_t, postfix_qmgr_t)
+	allow $1 postfix_qmgr_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_qmgr_t)

-	allow $1 postfix_smtpd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_smtpd_t, postfix_smtpd_t)
+	allow $1 postfix_smtpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_smtpd_t)

 	postfix_run_map($1,$2)
 	postfix_run_postdrop($1,$2)
--- a/policy/modules/services/qpidd.if
+++ b/policy/modules/services/qpidd.if
@ -179,8 +179,8 @@ interface(`qpidd_admin',`
 		type qpidd_t;
 	')

-	allow $1 qpidd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, qpidd_t, qpidd_t)
+	allow $1 qpidd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, qpidd_t)
 	        

 	gen_require(`