From ce87242fcafb2ce904c237c4679c8a21d95a15a6 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Sep 20 2010 16:15:55 +0000
Subject: Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Fix typo. Squash me with f7691806b4a54f3debfabaa403e1472acc17427e
---
diff --git a/policy/modules/services/gpm.if b/policy/modules/services/gpm.if
index 7d9378c..9a21080 100644
--- a/policy/modules/services/gpm.if
+++ b/policy/modules/services/gpm.if
@@ -16,6 +16,7 @@ interface(`gpm_stream_connect',`
 type gpmctl_t, gpm_t;
 ')
+ dev_list_all_dev_nodes($1)
 stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
 ')
diff --git a/policy/modules/services/inn.if b/policy/modules/services/inn.if
index ebc9e0d..31eb768 100644
--- a/policy/modules/services/inn.if
+++ b/policy/modules/services/inn.if
@@ -93,6 +93,7 @@ interface(`inn_read_config',`
 type innd_etc_t;
 ')
+ files_search_etc($1)
 allow $1 innd_etc_t:dir list_dir_perms;
 allow $1 innd_etc_t:file read_file_perms;
 allow $1 innd_etc_t:lnk_file read_lnk_file_perms;
@@ -113,6 +114,7 @@ interface(`inn_read_news_lib',`
 type innd_var_lib_t;
 ')
+ files_search_var_lib($1)
 allow $1 innd_var_lib_t:dir list_dir_perms;
 allow $1 innd_var_lib_t:file read_file_perms;
 allow $1 innd_var_lib_t:lnk_file read_lnk_file_perms;
@@ -133,6 +135,7 @@ interface(`inn_read_news_spool',`
 type news_spool_t;
 ')
+ files_search_spool($1)
 allow $1 news_spool_t:dir list_dir_perms;
 allow $1 news_spool_t:file read_file_perms;
 allow $1 news_spool_t:lnk_file read_lnk_file_perms;
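Review bot: In `gpm_stream_connect` (gpm.if) the added `dev_list_all_dev_nodes($1)` grants more than the commit subject describes. The inn.if hunks add `files_search_*` calls, but this line lets every caller of the interface enumerate the device directory. Connecting to the gpm socket presumably needs only traversal of that directory, so a search-only device interface would be the tighter choice if the policy provides one. If it does not, a comment such as `# list is broader than the traversal a socket connect needs` above the call would record why the wider grant was taken. The interface's header and documentation lie outside the hunk.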
diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if
index 767833d..241f7e7 100644
--- a/policy/modules/services/kerneloops.if
+++ b/policy/modules/services/kerneloops.if
@@ -111,5 +111,6 @@ interface(`kerneloops_admin',`
 role_transition $2 kerneloops_initrc_exec_t system_r;
 allow $2 system_r;
+ files_search_tmp($1)
 admin_pattern($1, kerneloops_tmp_t)
 ')
diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if
index eabd77a..c51c1f6 100644
--- a/policy/modules/services/ldap.if
+++ b/policy/modules/services/ldap.if
@@ -187,6 +187,7 @@ interface(`ldap_admin',`
 admin_pattern($1, slapd_lock_t)
+ files_list_var_lib($1)
 admin_pattern($1, slapd_replog_t)
 files_list_tmp($1)
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
index e10894b..d7e81f3 100644
--- a/policy/modules/services/milter.if
+++ b/policy/modules/services/milter.if
@@ -59,6 +59,7 @@ interface(`milter_stream_connect_all',`
 attribute milter_data_type, milter_domains;
 ')
+ files_search_pids($1)
 stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
 ')
diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if
index 65c79bc..03ab1cd 100644
--- a/policy/modules/services/mpd.if
+++ b/policy/modules/services/mpd.if
@@ -197,6 +197,7 @@ interface(`mpd_var_lib_filetrans',`
 type mpd_var_lib_t;
 ')
+ files_search_var_lib($1)
 filetrans_pattern($1, mpd_var_lib_t, $2, $3)
 ')
diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if
index b81e257..8cabfd2 100644
--- a/policy/modules/services/mysql.if
+++ b/policy/modules/services/mysql.if
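Review bot: `kerneloops_admin` gets `files_search_tmp($1)` ahead of `admin_pattern($1, kerneloops_tmp_t)`, while the admin interfaces touched elsewhere in this commit use the list form for the same job: `files_list_tmp($1)` appears in both the `ldap_admin` and `mysql_admin` hunks. One convention should apply to all admin interfaces. Search is the narrower grant, so if administration does not require listing the parent directory, the list calls in the other two could be reduced to their search counterparts. If listing is required, this line should read `files_list_tmp($1)`. Only the tail of the interface is inside the hunk, so other parent-directory calls may exist above it.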
@@ -344,13 +344,17 @@ interface(`mysql_admin',`
 role_transition $2 mysqld_initrc_exec_t system_r;
 allow $2 system_r;
+ files_list_pids($1)
 admin_pattern($1, mysqld_var_run_t)
 admin_pattern($1, mysqld_db_t)
+ files_list_etc($1)
 admin_pattern($1, mysqld_etc_t)
+ logging_list_logs($1)
 admin_pattern($1, mysqld_log_t)
+ files_list_tmp($1)
 admin_pattern($1, mysqld_tmp_t)
 ')
diff --git a/policy/modules/services/nx.if b/policy/modules/services/nx.if
index b1384ad..cbb2bce 100644
--- a/policy/modules/services/nx.if
+++ b/policy/modules/services/nx.if
@@ -33,6 +33,7 @@ interface(`nx_read_home_files',`
 type nx_server_home_ssh_t, nx_server_var_lib_t;
 ')
+ files_search_var_lib($1)
 allow $1 nx_server_var_lib_t:dir search_dir_perms;
 read_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
 read_lnk_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
@@ -53,6 +54,7 @@ interface(`nx_search_var_lib',`
 type nx_server_var_lib_t;
 ')
+ files_search_var_lib($1)
 allow $1 nx_server_var_lib_t:dir search_dir_perms;
 ')
@@ -82,5 +84,6 @@ interface(`nx_var_lib_filetrans',`
 type nx_server_var_lib_t;
 ')
+ files_search_var_lib($1)
 filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
 ')
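Review bot: In `mysql_admin` every `admin_pattern` line gains a parent-directory call except `admin_pattern($1, mysqld_db_t)`, which still follows `admin_pattern($1, mysqld_var_run_t)` with nothing added before it. If the database directory sits under the var_lib tree (the hunk does not show its location, so this is an assumption to confirm against the file contexts), the admin domain would still be unable to reach it. Adding `files_list_var_lib($1)` before that line, as the `ldap_admin` hunk does for `slapd_replog_t`, would close the gap. The start of the interface is outside the hunk, so check that no such call already exists above.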