diff --git a/policy/modules/services/smartmon.if b/policy/modules/services/smartmon.if index adea9f9..a35509f 100644 --- a/policy/modules/services/smartmon.if +++ b/policy/modules/services/smartmon.if @@ -15,6 +15,7 @@ interface(`smartmon_read_tmp_files',` type fsdaemon_tmp_t; ') + files_search_tmp($1) allow $1 fsdaemon_tmp_t:file read_file_perms; ') diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if index 275f9fb..699c2ab 100644 --- a/policy/modules/services/snmp.if +++ b/policy/modules/services/snmp.if @@ -62,6 +62,7 @@ interface(`snmp_read_snmp_var_lib_files',` type snmpd_var_lib_t; ') + files_search_var_lib($1) allow $1 snmpd_var_lib_t:dir list_dir_perms; read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t) read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t) diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if index 9c20d36..56950e6 100644 --- a/policy/modules/services/spamassassin.if +++ b/policy/modules/services/spamassassin.if @@ -151,6 +151,7 @@ interface(`spamassassin_manage_home_client',` type spamc_home_t; ') + userdom_search_user_home_dirs($1) manage_dirs_pattern($1, spamc_home_t, spamc_home_t) manage_files_pattern($1, spamc_home_t, spamc_home_t) manage_lnk_files_pattern($1, spamc_home_t, spamc_home_t) @@ -249,6 +250,7 @@ interface(`spamassassin_read_spamd_tmp_files',` type spamd_tmp_t; ') + files_search_tmp($1) allow $1 spamd_tmp_t:file read_file_perms; ') @@ -286,6 +288,7 @@ interface(`spamd_stream_connect',` type spamd_t, spamd_var_run_t; ') + files_search_pids($1) stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t) ') diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if index 8208308..5c34647 100644 --- a/policy/modules/services/sssd.if +++ b/policy/modules/services/sssd.if @@ -89,6 +89,7 @@ interface(`sssd_manage_pids',` type sssd_var_run_t; ') + files_search_pids($1) manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t) manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t) ') diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if index 4d10dda..242576d 100644 --- a/policy/modules/services/tftp.if +++ b/policy/modules/services/tftp.if @@ -108,6 +108,7 @@ interface(`tftp_admin',` allow $1 tftpd_t:process { ptrace signal_perms getattr }; ps_process_pattern($1, tftpd_t) + files_list_var_lib($1) admin_pattern($1, tftpdir_rw_t) admin_pattern($1, tftpdir_t) diff --git a/policy/modules/services/vhostmd.if b/policy/modules/services/vhostmd.if index dadae8e..941311e 100644 --- a/policy/modules/services/vhostmd.if +++ b/policy/modules/services/vhostmd.if @@ -52,7 +52,7 @@ interface(`vhostmd_read_tmpfs_files',` ') allow $1 vhostmd_tmpfs_t:file read_file_perms; - files_search_tmp($1) + fs_search_tmpfs($1) ') ######################################## @@ -90,7 +90,7 @@ interface(`vhostmd_rw_tmpfs_files',` ') rw_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t) - files_search_tmp($1) + fs_search_tmpfs($1) ') ######################################## @@ -109,7 +109,7 @@ interface(`vhostmd_manage_tmpfs_files',` ') manage_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t) - files_search_tmp($1) + fs_search_tmpfs($1) ') ######################################## @@ -146,6 +146,7 @@ interface(`vhostmd_manage_pid_files',` type vhostmd_var_run_t; ') + files_search_pids($1) manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t) ') diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index a42438a..f6cb1ad 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -788,6 +788,7 @@ interface(`xserver_stream_connect_xdm',` ') files_search_tmp($1) + files_search_pids($1) stream_connect_pattern($1, xdm_tmp_t, xdm_tmp_t, xdm_t) stream_connect_pattern($1, xdm_var_run_t, xdm_var_run_t, xdm_t) ') diff --git a/policy/modules/services/zarafa.if b/policy/modules/services/zarafa.if index 29aea13..78fc104 100644 --- a/policy/modules/services/zarafa.if +++ b/policy/modules/services/zarafa.if @@ -12,7 +12,6 @@ ## # template(`zarafa_domain_template',` - gen_require(` attribute zarafa_domain; ') @@ -98,5 +97,6 @@ interface(`zarafa_stream_connect_server',` type zarafa_server_t, zarafa_server_var_run_t; ') + files_search_var_lib($1) stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t) ')