Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

policy/modules/services/smartmon.if

@@ -15,6 +15,7 @@ interface(`smartmon_read_tmp_files',`
 		type fsdaemon_tmp_t;
 	')
 
+	files_search_tmp($1)
 	allow $1 fsdaemon_tmp_t:file read_file_perms;
 ')
 

policy/modules/services/snmp.if

@@ -62,6 +62,7 @@ interface(`snmp_read_snmp_var_lib_files',`
 		type snmpd_var_lib_t;
 	')
 
+	files_search_var_lib($1)
 	allow $1 snmpd_var_lib_t:dir list_dir_perms;
 	read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
 	read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)

policy/modules/services/spamassassin.if

@@ -151,6 +151,7 @@ interface(`spamassassin_manage_home_client',`
 		type spamc_home_t;
 	')
 
+	userdom_search_user_home_dirs($1)
 	manage_dirs_pattern($1, spamc_home_t, spamc_home_t)
 	manage_files_pattern($1, spamc_home_t, spamc_home_t)
 	manage_lnk_files_pattern($1, spamc_home_t, spamc_home_t)
@@ -249,6 +250,7 @@ interface(`spamassassin_read_spamd_tmp_files',`
 		type spamd_tmp_t;
 	')
 
+	files_search_tmp($1)
 	allow $1 spamd_tmp_t:file read_file_perms;
 ')
 
@@ -286,6 +288,7 @@ interface(`spamd_stream_connect',`
 		type spamd_t, spamd_var_run_t;
 	')
 
+	files_search_pids($1)
 	stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
 ')
 

policy/modules/services/sssd.if

@@ -89,6 +89,7 @@ interface(`sssd_manage_pids',`
 		type sssd_var_run_t;
 	')
 
+	files_search_pids($1)
 	manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t)
 	manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t)
 ')

policy/modules/services/tftp.if

@@ -108,6 +108,7 @@ interface(`tftp_admin',`
 	allow $1 tftpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, tftpd_t)
 
+	files_list_var_lib($1)
 	admin_pattern($1, tftpdir_rw_t)
 
 	admin_pattern($1, tftpdir_t)

policy/modules/services/vhostmd.if

@@ -52,7 +52,7 @@ interface(`vhostmd_read_tmpfs_files',`
 	')
 
 	allow $1 vhostmd_tmpfs_t:file read_file_perms;
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
@@ -90,7 +90,7 @@ interface(`vhostmd_rw_tmpfs_files',`
 	')
 
 	rw_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
@@ -109,7 +109,7 @@ interface(`vhostmd_manage_tmpfs_files',`
 	')
 
 	manage_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
@@ -146,6 +146,7 @@ interface(`vhostmd_manage_pid_files',`
 		type vhostmd_var_run_t;
 	')
 
+	files_search_pids($1)
 	 manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t)
 ')
 

policy/modules/services/xserver.if

@@ -788,6 +788,7 @@ interface(`xserver_stream_connect_xdm',`
 	')
 
 	files_search_tmp($1)
+	files_search_pids($1)
 	stream_connect_pattern($1, xdm_tmp_t, xdm_tmp_t, xdm_t)
 	stream_connect_pattern($1, xdm_var_run_t, xdm_var_run_t, xdm_t)
 ')

policy/modules/services/zarafa.if

@@ -12,7 +12,6 @@
 ## </param>
 #
 template(`zarafa_domain_template',`
-
 	gen_require(`
 		attribute zarafa_domain;
 	')
@@ -98,5 +97,6 @@ interface(`zarafa_stream_connect_server',`
 		type zarafa_server_t, zarafa_server_var_run_t;
 	')
 
+	files_search_var_lib($1)
 	stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t)
 ')