From f386b9002d4b8693ca592b9a567f25ea5dfaf87f Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sep 15 2010 15:42:28 +0000 Subject: Use the stream_connect_pattern. Use stream_connect_pattern. Signed-off-by: Dominick Grift --- diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if index e5684f4..d15f94d 100644 --- a/policy/modules/services/ldap.if +++ b/policy/modules/services/ldap.if @@ -126,11 +126,10 @@ interface(`ldap_stream_connect',` ') files_search_pids($1) - allow $1 slapd_var_run_t:sock_file write; - allow $1 slapd_t:unix_stream_socket connectto; + stream_connect_pattern($1, slapd_var_run_t, slapd_var_run_t, slapd_t) optional_policy(` - ldap_stream_connect_dirsrv($1) + ldap_stream_connect_dirsrv($1) ') ') @@ -150,8 +149,7 @@ interface(`ldap_stream_connect_dirsrv',` ') files_search_pids($1) - allow $1 dirsrv_var_run_t:sock_file write; - allow $1 dirsrv_t:unix_stream_socket connectto; + stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t) ') ######################################## diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if index 5046738..dda8ca9 100644 --- a/policy/modules/services/munin.if +++ b/policy/modules/services/munin.if @@ -57,9 +57,8 @@ interface(`munin_stream_connect',` type munin_var_run_t, munin_t; ') - allow $1 munin_t:unix_stream_socket connectto; - allow $1 munin_var_run_t:sock_file { getattr write }; files_search_pids($1) + stream_connect_pattern($1, munin_var_run_t, munin_var_run_t, munin_t) ') #######################################