From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat,  8 Dec 2012 21:56:56 +0100
Subject: [refpolicy] [PATCH 05/11] Use rw_fifo_file_perms
In-Reply-To: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
References: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1355000222-7297-6-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The cron_rw_pipes interface should use rw_fifo_file_perms, otherwise the ioctl
privilege is not granted.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 cron.if |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/cron.if b/cron.if
index 01ba3ce..1303b30 100644
--- a/cron.if
+++ b/cron.if
@@ -566,7 +566,7 @@ interface(`cron_rw_pipes',`
 		type crond_t;
 	')
 
-	allow $1 crond_t:fifo_file { getattr read write };
+	allow $1 crond_t:fifo_file rw_fifo_file_perms;
 ')
 
 ########################################
-- 
1.7.8.6