courier patch from Dan Walsh

2010-08-30 10:45:10 -04:00 · 2010-08-30 10:45:10 -04:00 · 483be01302
commit 483be01302
parent 67effb0450
2 changed files with 3 additions and 0 deletions
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@ -38,10 +38,12 @@ template(`courier_domain_template',`
 	read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
 	allow courier_$1_t courier_etc_t:dir list_dir_perms;

+	manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	files_search_pids(courier_$1_t)
+	files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)

 	kernel_read_system_state(courier_$1_t)
 	kernel_read_kernel_sysctls(courier_$1_t)
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@ -48,6 +48,7 @@ allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_fifo_file_perms;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:unix_stream_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:process sigchld;
+allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;