Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

policy/modules/services/postgresql.if

@@ -433,6 +433,7 @@ interface(`postgresql_admin',`
 	role_transition $2 postgresql_initrc_exec_t system_r;
 	allow $2 system_r;
 
+	files_list_pids($1)
 	admin_pattern($1, postgresql_var_run_t)
 
 	files_list_var_lib($1)
@@ -444,6 +445,7 @@ interface(`postgresql_admin',`
 	logging_list_logs($1)
 	admin_pattern($1, postgresql_log_t)
 
+	files_list_tmp($1)
 	admin_pattern($1, postgresql_tmp_t)
 
 	postgresql_tcp_connect($1)

policy/modules/services/postgrey.if

@@ -15,9 +15,9 @@ interface(`postgrey_stream_connect',`
 		type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
 	')
 
-	stream_connect_pattern($1, postgrey_var_run_t, postgrey_var_run_t, postgrey_t)
-	stream_connect_pattern($1, postgrey_spool_t, postgrey_spool_t, postgrey_t)
+	stream_connect_pattern($1, { postgrey_spool_t postgrey_var_run_t }, { postgrey_spool_t postgrey_var_run_t }, postgrey_t)
 	files_search_pids($1)
+	files_search_spool($1)
 ')
 
 ########################################
@@ -35,6 +35,7 @@ interface(`postgrey_search_spool',`
 		type postgrey_spool_t;
 	')
 
+	files_search_spool($1)
 	allow $1 postgrey_spool_t:dir search_dir_perms;
 ')
 

policy/modules/services/ppp.if

@@ -281,6 +281,7 @@ interface(`ppp_read_pid_files',`
 		type pppd_var_run_t;
 	')
 
+	files_search_pids($1)
 	allow $1 pppd_var_run_t:file read_file_perms;
 ')
 
@@ -299,6 +300,7 @@ interface(`ppp_manage_pid_files',`
 		type pppd_var_run_t;
 	')
 
+	files_search_pids($1)
 	allow $1 pppd_var_run_t:file manage_file_perms;
 ')
 
@@ -375,6 +377,7 @@ interface(`ppp_admin',`
 	logging_list_logs($1)
 	admin_pattern($1, pppd_log_t)
 
+	files_list_locks($1)
 	admin_pattern($1, pppd_lock_t)
 
 	files_list_etc($1)

policy/modules/services/qpidd.if

@@ -70,6 +70,7 @@ interface(`qpidd_manage_var_run',`
 		type qpidd_var_run_t;
 	')
 
+	files_search_pids($1)
 	manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
 	manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
 	manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
@@ -148,6 +149,7 @@ interface(`qpidd_manage_var_lib',`
 		type qpidd_var_lib_t;
 	')
 
+	files_search_var_lib($1)
 	manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
 	manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
 	manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)

policy/modules/services/rhcs.if

@@ -426,6 +426,7 @@ interface(`rhcs_read_qdiskd_tmpfs_files',`
 		type qdiskd_tmpfs_t;
 	')
 
+	fs_search_tmpfs($1)
 	allow $1 qdiskd_tmpfs_t:file read_file_perms;
 ')
 

policy/modules/services/rhgb.if

@@ -194,5 +194,6 @@ interface(`rhgb_rw_tmpfs_files',`
 		type rhgb_tmpfs_t;
 	')
 
+	fs_search_tmpfs($1)
 	allow $1 rhgb_tmpfs_t:file rw_file_perms;
 ')

policy/modules/services/ricci.if

@@ -126,6 +126,7 @@ interface(`ricci_rw_modclusterd_tmpfs_files',`
 		type ricci_modcluserd_tmpfs_t;
 	')
 
+	fs_search_tmpfs($1)
 	allow $1 ricci_modcluserd_tmpfs_t:file rw_file_perms;
 ')
 

policy/modules/services/rtkit.if

@@ -75,6 +75,7 @@ interface(`rtkit_scheduled',`
 		type rtkit_daemon_t;
 	')
 
+	kernel_search_proc($1)
 	ps_process_pattern(rtkit_daemon_t, $1)
 	allow rtkit_daemon_t $1:process { getsched setsched };
 	rtkit_daemon_dbus_chat($1)