[selinux-policy: 2926/3172] courier patch from Dan Walsh

[Daniel J Walsh]

commit 483be01302347bf2b513f420cd543a13d775ec5d
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Mon Aug 30 10:45:10 2010 -0400

    courier patch from Dan Walsh

 policy/modules/services/courier.if |    2 ++
 policy/modules/services/courier.te |    1 +
 2 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 37b03f6..9971337 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -38,10 +38,12 @@ template(`courier_domain_template',`
 	read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
 	allow courier_$1_t courier_etc_t:dir list_dir_perms;
 
+	manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	files_search_pids(courier_$1_t)
+	files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
 
 	kernel_read_system_state(courier_$1_t)
 	kernel_read_kernel_sysctls(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index b96c242..72901d8 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -48,6 +48,7 @@ allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_fifo_file_perms;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:unix_stream_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:process sigchld;
+allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;