[selinux-policy: 2991/3172] Search parent directory to be able to interact with target content.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:26:12 UTC 2010


commit f92662114af7a7c2c63649eaaf4ae157eacbb8ec
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 15 21:37:38 2010 +0200

    Search parent directory to be able to interact with target content.
    
    Search parent directory to be able to interact with target content.
    
    Search parent directory to be able to interact with target content.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>
    
    Search parent directory to be able to interact with target content.
    
    Search parent directory to be able to interact with target content.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>
    
    Search parent directory to be able to interact with target content.
    
    Search parent directory to be able to interact with target content.
    
    Search parent directory to be able to interact with target content.

 policy/modules/services/smartmon.if     |    1 +
 policy/modules/services/snmp.if         |    1 +
 policy/modules/services/spamassassin.if |    3 +++
 policy/modules/services/sssd.if         |    1 +
 policy/modules/services/tftp.if         |    1 +
 policy/modules/services/vhostmd.if      |    7 ++++---
 policy/modules/services/xserver.if      |    1 +
 policy/modules/services/zarafa.if       |    2 +-
 8 files changed, 13 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/smartmon.if b/policy/modules/services/smartmon.if
index adea9f9..a35509f 100644
--- a/policy/modules/services/smartmon.if
+++ b/policy/modules/services/smartmon.if
@@ -15,6 +15,7 @@ interface(`smartmon_read_tmp_files',`
 		type fsdaemon_tmp_t;
 	')
 
+	files_search_tmp($1)
 	allow $1 fsdaemon_tmp_t:file read_file_perms;
 ')
 
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
index 275f9fb..699c2ab 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -62,6 +62,7 @@ interface(`snmp_read_snmp_var_lib_files',`
 		type snmpd_var_lib_t;
 	')
 
+	files_search_var_lib($1)
 	allow $1 snmpd_var_lib_t:dir list_dir_perms;
 	read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
 	read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 9c20d36..56950e6 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -151,6 +151,7 @@ interface(`spamassassin_manage_home_client',`
 		type spamc_home_t;
 	')
 
+	userdom_search_user_home_dirs($1)
 	manage_dirs_pattern($1, spamc_home_t, spamc_home_t)
 	manage_files_pattern($1, spamc_home_t, spamc_home_t)
 	manage_lnk_files_pattern($1, spamc_home_t, spamc_home_t)
@@ -249,6 +250,7 @@ interface(`spamassassin_read_spamd_tmp_files',`
 		type spamd_tmp_t;
 	')
 
+	files_search_tmp($1)
 	allow $1 spamd_tmp_t:file read_file_perms;
 ')
 
@@ -286,6 +288,7 @@ interface(`spamd_stream_connect',`
 		type spamd_t, spamd_var_run_t;
 	')
 
+	files_search_pids($1)
 	stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
 ')
 
diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
index 8208308..5c34647 100644
--- a/policy/modules/services/sssd.if
+++ b/policy/modules/services/sssd.if
@@ -89,6 +89,7 @@ interface(`sssd_manage_pids',`
 		type sssd_var_run_t;
 	')
 
+	files_search_pids($1)
 	manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t)
 	manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t)
 ')
diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if
index 4d10dda..242576d 100644
--- a/policy/modules/services/tftp.if
+++ b/policy/modules/services/tftp.if
@@ -108,6 +108,7 @@ interface(`tftp_admin',`
 	allow $1 tftpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, tftpd_t)
 
+	files_list_var_lib($1)
 	admin_pattern($1, tftpdir_rw_t)
 
 	admin_pattern($1, tftpdir_t)
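Review bot: `files_list_var_lib($1)` grants more than the commit message describes, because it lets the admin domain list var_lib_t directories while every other hunk in this commit adds a search-only call. If listing is intended for an admin interface, a short comment such as `# admin domains may list the var_lib_t parent, not only traverse it` would record that; otherwise `files_search_var_lib($1)` is the least-privilege form. The call sits only in front of the `tftpdir_rw_t` pattern, and this hunk does not show whether `tftpdir_t` content lives under the same parent. `tftp_admin` starts and continues outside the hunk.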
diff --git a/policy/modules/services/vhostmd.if b/policy/modules/services/vhostmd.if
index dadae8e..941311e 100644
--- a/policy/modules/services/vhostmd.if
+++ b/policy/modules/services/vhostmd.if
@@ -52,7 +52,7 @@ interface(`vhostmd_read_tmpfs_files',`
 	')
 
 	allow $1 vhostmd_tmpfs_t:file read_file_perms;
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
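Review bot: In `vhostmd_read_tmpfs_files` the parent-directory call still follows the rule it supports, whereas the other interfaces this commit touches place the search call first. Moving `fs_search_tmpfs($1)` above the `allow` line would keep the file uniform, and the same applies to `vhostmd_rw_tmpfs_files` and `vhostmd_manage_tmpfs_files` in the next two hunks. Replacing rather than adding also withdraws `files_search_tmp` from every caller of these three interfaces, so any caller that relied on it for tmp_t traversal (none are visible here) would need its own rule. The interface body begins outside the hunk.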
@@ -90,7 +90,7 @@ interface(`vhostmd_rw_tmpfs_files',`
 	')
 
 	rw_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
@@ -109,7 +109,7 @@ interface(`vhostmd_manage_tmpfs_files',`
 	')
 
 	manage_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	files_search_tmp($1)
+	fs_search_tmpfs($1)
 ')
 
 ########################################
@@ -146,6 +146,7 @@ interface(`vhostmd_manage_pid_files',`
 		type vhostmd_var_run_t;
 	')
 
+	files_search_pids($1)
 	 manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t)
 ')
 
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index a42438a..f6cb1ad 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -788,6 +788,7 @@ interface(`xserver_stream_connect_xdm',`
 	')
 
 	files_search_tmp($1)
+	files_search_pids($1)
 	stream_connect_pattern($1, xdm_tmp_t, xdm_tmp_t, xdm_t)
 	stream_connect_pattern($1, xdm_var_run_t, xdm_var_run_t, xdm_t)
 ')
diff --git a/policy/modules/services/zarafa.if b/policy/modules/services/zarafa.if
index 29aea13..78fc104 100644
--- a/policy/modules/services/zarafa.if
+++ b/policy/modules/services/zarafa.if
@@ -12,7 +12,6 @@
 ## </param>
 #
 template(`zarafa_domain_template',`
-
 	gen_require(`
 		attribute zarafa_domain;
 	')
@@ -98,5 +97,6 @@ interface(`zarafa_stream_connect_server',`
 		type zarafa_server_t, zarafa_server_var_run_t;
 	')
 
+	files_search_var_lib($1)
 	stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t)
 ')
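Review bot: The added `files_search_var_lib($1)` does not match the type used on the next line, where the socket is labelled `zarafa_server_var_run_t`. The other stream-connect interfaces in this commit (`spamd_stream_connect`, `xserver_stream_connect_xdm`) pair a `*_var_run_t` socket with `files_search_pids($1)`. Unless the zarafa socket directory really sits under a var_lib_t parent (the file contexts are not visible here), callers gain a search permission they do not need and still lack the one they do, so `files_search_pids($1)` looks like the intended call. Separately, the unchanged `stream_connect_pattern` line passes `zarafa_server_t` as the directory type where the sibling interfaces pass the var_run type, which is worth confirming.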

