From 483be01302347bf2b513f420cd543a13d775ec5d Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Mon, 30 Aug 2010 10:45:10 -0400
Subject: [PATCH] courier patch from Dan Walsh
---
 policy/modules/services/courier.if | 2 ++
 policy/modules/services/courier.te | 1 +
 2 files changed, 3 insertions(+)
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 37b03f62..99713375 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -38,10 +38,12 @@ template(`courier_domain_template',`
 read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
 allow courier_$1_t courier_etc_t:dir list_dir_perms;
+ manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 files_search_pids(courier_$1_t)
+ files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
 kernel_read_system_state(courier_$1_t)
 kernel_read_kernel_sysctls(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index b96c242a..72901d88 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -48,6 +48,7 @@ allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_fifo_file_perms;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:unix_stream_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:process sigchld;
+allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
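Review bot: In courier.if the two added lines sit inside `courier_domain_template`, so every domain instantiated from the template gains directory create/delete rights on `courier_var_run_t` and the pid-directory type transition, not only the daemon that actually creates the runtime directory. If a single domain produced the denial, the narrower form is to place `manage_dirs_pattern(courier_<domain>_t, courier_var_run_t, courier_var_run_t)` and `files_pid_filetrans(courier_<domain>_t, courier_var_run_t, dir)` in courier.te for that domain (`<domain>` is a placeholder; the page does not name it). If the template-wide grant is intended, a comment such as `# every courier daemon may create its runtime directory under the pid dir` above the new lines would record that decision. The template body starts and ends outside the hunk.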
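Review bot: In courier.te the new `allow courier_authdaemon_t courier_tcpd_t:fd use;` has no comment saying which inherited descriptors it is meant to cover. The block around it already repeats itself: `tcp_socket rw_stream_socket_perms` appears both before and after the new rule, and `fifo_file` is granted with `rw_fifo_file_perms` on the hunk-header line and again with `rw_file_perms` at the end. I would add `# authdaemon uses descriptors inherited from couriertcpd` above the new rule (presumably the reason; confirm against the denial that prompted it). The duplicated rules could be folded in a follow-up, so the block shows exactly what authdaemon may do with tcpd's objects.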