diff --git a/policy/modules/services/gpm.if b/policy/modules/services/gpm.if index 7d9378c..9a21080 100644 --- a/policy/modules/services/gpm.if +++ b/policy/modules/services/gpm.if @@ -16,6 +16,7 @@ interface(`gpm_stream_connect',` type gpmctl_t, gpm_t; ') + dev_list_all_dev_nodes($1) stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t) ') diff --git a/policy/modules/services/inn.if b/policy/modules/services/inn.if index ebc9e0d..31eb768 100644 --- a/policy/modules/services/inn.if +++ b/policy/modules/services/inn.if @@ -93,6 +93,7 @@ interface(`inn_read_config',` type innd_etc_t; ') + files_search_etc($1) allow $1 innd_etc_t:dir list_dir_perms; allow $1 innd_etc_t:file read_file_perms; allow $1 innd_etc_t:lnk_file read_lnk_file_perms; @@ -113,6 +114,7 @@ interface(`inn_read_news_lib',` type innd_var_lib_t; ') + files_search_var_lib($1) allow $1 innd_var_lib_t:dir list_dir_perms; allow $1 innd_var_lib_t:file read_file_perms; allow $1 innd_var_lib_t:lnk_file read_lnk_file_perms; @@ -133,6 +135,7 @@ interface(`inn_read_news_spool',` type news_spool_t; ') + files_search_spool($1) allow $1 news_spool_t:dir list_dir_perms; allow $1 news_spool_t:file read_file_perms; allow $1 news_spool_t:lnk_file read_lnk_file_perms; diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if index 767833d..241f7e7 100644 --- a/policy/modules/services/kerneloops.if +++ b/policy/modules/services/kerneloops.if @@ -111,5 +111,6 @@ interface(`kerneloops_admin',` role_transition $2 kerneloops_initrc_exec_t system_r; allow $2 system_r; + files_search_tmp($1) admin_pattern($1, kerneloops_tmp_t) ') diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if index eabd77a..c51c1f6 100644 --- a/policy/modules/services/ldap.if +++ b/policy/modules/services/ldap.if @@ -187,6 +187,7 @@ interface(`ldap_admin',` admin_pattern($1, slapd_lock_t) + files_list_var_lib($1) admin_pattern($1, slapd_replog_t) files_list_tmp($1) diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if index e10894b..d7e81f3 100644 --- a/policy/modules/services/milter.if +++ b/policy/modules/services/milter.if @@ -59,6 +59,7 @@ interface(`milter_stream_connect_all',` attribute milter_data_type, milter_domains; ') + files_search_pids($1) stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains) ') diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if index 65c79bc..03ab1cd 100644 --- a/policy/modules/services/mpd.if +++ b/policy/modules/services/mpd.if @@ -197,6 +197,7 @@ interface(`mpd_var_lib_filetrans',` type mpd_var_lib_t; ') + files_search_var_lib($1) filetrans_pattern($1, mpd_var_lib_t, $2, $3) ') diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if index b81e257..8cabfd2 100644 --- a/policy/modules/services/mysql.if +++ b/policy/modules/services/mysql.if @@ -344,13 +344,17 @@ interface(`mysql_admin',` role_transition $2 mysqld_initrc_exec_t system_r; allow $2 system_r; + files_list_pids($1) admin_pattern($1, mysqld_var_run_t) admin_pattern($1, mysqld_db_t) + files_list_etc($1) admin_pattern($1, mysqld_etc_t) + logging_list_logs($1) admin_pattern($1, mysqld_log_t) + files_list_tmp($1) admin_pattern($1, mysqld_tmp_t) ') diff --git a/policy/modules/services/nx.if b/policy/modules/services/nx.if index b1384ad..cbb2bce 100644 --- a/policy/modules/services/nx.if +++ b/policy/modules/services/nx.if @@ -33,6 +33,7 @@ interface(`nx_read_home_files',` type nx_server_home_ssh_t, nx_server_var_lib_t; ') + files_search_var_lib($1) allow $1 nx_server_var_lib_t:dir search_dir_perms; read_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t) read_lnk_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t) @@ -53,6 +54,7 @@ interface(`nx_search_var_lib',` type nx_server_var_lib_t; ') + files_search_var_lib($1) allow $1 nx_server_var_lib_t:dir search_dir_perms; ') @@ -82,5 +84,6 @@ interface(`nx_var_lib_filetrans',` type nx_server_var_lib_t; ') + files_search_var_lib($1) filetrans_pattern($1, nx_server_var_lib_t, $2, $3) ')