From: dominick.grift@gmail.com (grift)
Date: Sun, 09 Dec 2012 14:58:04 +0100
Subject: [refpolicy] [PATCH 05/11] Use rw_fifo_file_perms
In-Reply-To: <1355000222-7297-6-git-send-email-sven.vermeulen@siphos.be>
References: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
	<1355000222-7297-6-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1355061484.1797.69.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 2012-12-08 at 21:56 +0100, Sven Vermeulen wrote:
> The cron_rw_pipes interface should use rw_fifo_file_perms, otherwise the ioctl
> privilege is not granted.

This was merged thanks

although the better fix would have been to rename this interface to
cron_rw_inherited_pipes and to create an additional cron_rw_pipes
probably

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  cron.if |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/cron.if b/cron.if
> index 01ba3ce..1303b30 100644
> --- a/cron.if
> +++ b/cron.if
> @@ -566,7 +566,7 @@ interface(`cron_rw_pipes',`
>  		type crond_t;
>  	')
>  
> -	allow $1 crond_t:fifo_file { getattr read write };
> +	allow $1 crond_t:fifo_file rw_fifo_file_perms;
>  ')
>  
>  ########################################