From b6d0a79f2c8592c941525c57d653e7621338b0c8 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sep 15 2010 15:42:28 +0000 Subject: Use admin_pattern. Allow nslcd_admin to search parent directories to be able to interact with nslcd content. Signed-off-by: Dominick Grift
---
diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if
index 23c769c..b94add1 100644
--- a/policy/modules/services/nslcd.if
+++ b/policy/modules/services/nslcd.if
@@ -106,9 +106,9 @@ interface(`nslcd_admin',`
 role_transition $2 nslcd_initrc_exec_t system_r;
 allow $2 system_r;
- manage_files_pattern($1, nslcd_conf_t, nslcd_conf_t)
+ files_search_etc($1)
+ admin_pattern($1, nslcd_conf_t)
- manage_dirs_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
- manage_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
- manage_lnk_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
+ files_search_pids($1)
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
 ')
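Review bot: The second added call, `admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)`, passes three arguments while the call added a few lines above it passes two (`admin_pattern($1, nslcd_conf_t)`); if the macro takes only a domain and a type, as the first call suggests, the extra argument is presumably ignored and the line should read `admin_pattern($1, nslcd_var_run_t)`. Separately, the removed line for nslcd_conf_t granted file management only, and admin_pattern likely covers more object classes than that, so it is worth confirming the wider access to the configuration type is intended and stating it in the interface's doc comment, e.g. `## All of the rules required to administrate nslcd configuration and runtime content.`. The interface's header and its documentation block start outside the hunk, so the existing wording could not be checked here.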