From 5abea9818add7b0eb7d1d04b3672b322b6b55018 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Oct 27 2005 13:37:36 +0000
Subject: fixes from testing
---
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index f3da45f..12acd84 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -50,7 +50,7 @@ allow ypbind_t ypbind_tmp_t:dir create_dir_perms;
 allow ypbind_t ypbind_tmp_t:file create_file_perms;
 files_create_tmp_files(ypbind_t, ypbind_tmp_t, { file dir })
-allow ypbind_t ypbind_var_run_t:file { getattr create read write append setattr unlink };
+allow ypbind_t ypbind_var_run_t:file manage_file_perms;
 files_create_pid(ypbind_t,ypbind_var_run_t)
 allow ypbind_t var_yp_t:dir rw_dir_perms;
@@ -89,6 +89,7 @@ term_dontaudit_use_console(ypbind_t)
 domain_use_wide_inherit_fd(ypbind_t)
 files_read_etc_files(ypbind_t)
+files_list_var(ypbind_t)
 init_use_fd(ypbind_t)
 init_use_script_pty(ypbind_t)
@@ -155,8 +156,8 @@ allow ypserv_t ypserv_tmp_t:dir create_dir_perms;
 allow ypserv_t ypserv_tmp_t:file create_file_perms;
 files_create_tmp_files(ypserv_t, ypserv_tmp_t, { file dir })
-allow ypserv_t ypserv_var_run_t:dir { ioctl read write getattr lock add_name remove_name search };
-allow ypserv_t ypserv_var_run_t:file { getattr create read write append setattr unlink };
+allow ypserv_t ypserv_var_run_t:dir rw_dir_perms;
+allow ypserv_t ypserv_var_run_t:file manage_file_perms;
 files_create_pid(ypserv_t,ypserv_var_run_t)
 kernel_read_kernel_sysctl(ypserv_t)
@@ -189,6 +190,8 @@ corecmd_exec_bin(ypserv_t)
 domain_use_wide_inherit_fd(ypserv_t)
+files_read_var_files(ypserv_t)
+
 init_use_fd(ypserv_t)
 init_use_script_pty(ypserv_t)
 init_udp_sendto_script(ypserv_t)
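Review bot: Replacing the explicit permission list on `ypbind_var_run_t:file` with `manage_file_perms` (hunk @@ -50,7) probably widens what ypbind_t may do to its pid file; in the reference policy's permission sets that macro normally also carries ioctl, lock, link and rename, which is worth confirming against the definition in this tree. The same substitution is made for `ypserv_var_run_t:file` in hunk @@ -155,8. The commit message says only "fixes from testing", so the denial that motivated the change is not recorded. If one or two permissions were missing, adding them to the explicit set keeps the grant minimal; otherwise keep the macro and note the reason, e.g. `# pid file: needs <permission from the AVC denial> beyond the original set`. The `rw_dir_perms` replacement in the later hunk looks like-for-like, again subject to the macro definition.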
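Review bot: `files_list_var(ypbind_t)` (hunk @@ -89,6) grants listing of the generic /var directory, which is more than path traversal. ypbind_t already has `rw_dir_perms` on `var_yp_t` in this file, so if the denial seen in testing was only a search on the parent directory, `files_search_var(ypbind_t)` would be the narrower grant. Either way a short comment above the line, such as `# traverse /var to reach the NIS binding directory`, would record the reason; that purpose is inferred here and not stated in the commit.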
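Review bot: `files_read_var_files(ypserv_t)` (hunk @@ -189,6) lets a network-facing daemon read every file labelled with the generic /var type, not only NIS data. The ypbind section of this file uses a dedicated `var_yp_t` type; if the files ypserv was denied are NIS maps, labelling them with that type and granting read on it would keep the access scoped. The ypserv rules for `var_yp_t` are outside the visible hunks, so this needs checking against the full module. If the generic read really is required, a comment naming the file that triggered the denial would help later audits.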