[selinux-policy: 2969/3172] Allow pads_admin to search parent directories to be able to interact with pads content.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:24:20 UTC 2010


commit 1215dfb87cb9773baa25e6d9be4718a53f90578b
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 15 13:05:32 2010 +0200

    Allow pads_admin to search parent directories to be able to interact with pads content.
    
    Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
    
    Allow postgresql admin to search parent directories to be able to manage postgresql content.
    
    Allow prelude_admin to search parent directories to be able to manage prelude content.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>

 policy/modules/services/pads.if       |    3 +++
 policy/modules/services/plymouthd.if  |    2 ++
 policy/modules/services/postgresql.if |    3 +++
 policy/modules/services/prelude.if    |    7 +++++++
 4 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/pads.if b/policy/modules/services/pads.if
index 8ac407e..4452d3b 100644
--- a/policy/modules/services/pads.if
+++ b/policy/modules/services/pads.if
@@ -39,6 +39,9 @@ interface(`pads_admin', `
 	role_transition $2 pads_initrc_exec_t system_r;
 	allow $2 system_r;
 
+	files_search_pids($1)
 	admin_pattern($1, pads_var_run_t)
+
+	files_search_etc($1)
 	admin_pattern($1, pads_config_t)
 ')
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
index 9759ed8..e90b2a1 100644
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@@ -252,9 +252,11 @@ interface(`plymouthd_admin', `
 	allow $1 plymouthd_t:process { ptrace signal_perms getattr };
 	read_files_pattern($1, plymouthd_t, plymouthd_t)
 
+	files_search_var_lib($1)
 	admin_pattern($1, plymouthd_spool_t)
 
 	admin_pattern($1, plymouthd_var_lib_t)
 
+	files_search_pids($1)
 	admin_pattern($1, plymouthd_var_run_t)
 ')
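Review bot: The added `files_search_var_lib($1)` sits above `admin_pattern($1, plymouthd_spool_t)` rather than above `admin_pattern($1, plymouthd_var_lib_t)`, so the spool type gets no matching parent-directory search. If plymouthd_spool_t labels content under /var/spool (the file contexts are not visible here), the call that belongs at that position is `files_search_spool($1)`, with `files_search_var_lib($1)` moved down beside the var_lib pattern. Policy rules are not order-sensitive, so the var_lib access works as committed; the gap is only the spool parent directory. The prelude.if hunk has the same gap, where `admin_pattern($1, prelude_spool_t)` is left without a spool search.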
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 539a7c9..85699e5 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -441,10 +441,13 @@ interface(`postgresql_admin',`
 
 	admin_pattern($1, postgresql_var_run_t)
 
+	files_search_var_lib($1)
 	admin_pattern($1, postgresql_db_t)
 
+	files_search_etc($1)
 	admin_pattern($1, postgresql_etc_t)
 
+	logging_search_logs($1)
 	admin_pattern($1, postgresql_log_t)
 
 	admin_pattern($1, postgresql_tmp_t)
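Review bot: `admin_pattern($1, postgresql_var_run_t)` and `admin_pattern($1, postgresql_tmp_t)` are left without the parent-directory search that the db, etc and log types in this hunk now receive. The same commit pairs var_run types with `files_search_pids($1)` in pads.if and a tmp type with `files_search_tmp($1)` in prelude.if, so adding those two calls here would keep the admin interfaces consistent. postgresql_admin starts and ends outside the hunk, so either call may already be present in the part that is not shown.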
diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if
index 2316653..e4d8797 100644
--- a/policy/modules/services/prelude.if
+++ b/policy/modules/services/prelude.if
@@ -136,9 +136,16 @@ interface(`prelude_admin',`
 	allow $2 system_r;
 
 	admin_pattern($1, prelude_spool_t)
+
+	files_search_var_lib($1)
 	admin_pattern($1, prelude_var_lib_t)
+
+	files_search_pids($1)
 	admin_pattern($1, prelude_var_run_t)
 	admin_pattern($1, prelude_audisp_var_run_t)
+
+	files_search_tmp($1)
 	admin_pattern($1, prelude_lml_tmp_t)
+
 	admin_pattern($1, prelude_lml_var_run_t)
 ')
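Review bot: The blank line added before `admin_pattern($1, prelude_lml_var_run_t)` separates it from the `files_search_pids($1)` group, which reads as if that type were not covered by the pids search. Assuming prelude_lml_var_run_t also labels content under the pid directory, moving the line up beside `admin_pattern($1, prelude_audisp_var_run_t)` would keep each search call visually paired with every type it serves. This is a layout point only, because the search grant applies to `$1` regardless of where the call appears in the interface.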

