From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 11 Apr 2013 10:34:42 +0200
Subject: [refpolicy] [PATCH 12/13] Support tmux control socket
In-Reply-To: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be>
References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1365669283-22005-13-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The tmux application places its control socket in /tmp/tmux-*. Introduce a
transition from screen_tmp_t (the /tmp/tmux-* directory) towards
screen_var_run_t for socket files.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 screen.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/screen.te b/screen.te
index f095081..75d538c 100644
--- a/screen.te
+++ b/screen.te
@@ -38,12 +38,13 @@ allow screen_domain self:process signal_perms;
 allow screen_domain self:fd use;
 allow screen_domain self:fifo_file rw_fifo_file_perms;
 allow screen_domain self:tcp_socket { accept listen };
-allow screen_domain self:unix_stream_socket connectto;
+allow screen_domain self:unix_stream_socket { accept connectto listen };
 
 manage_dirs_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
 manage_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
 manage_fifo_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
 files_tmp_filetrans(screen_domain, screen_tmp_t, { file dir })
+filetrans_pattern(screen_domain, screen_tmp_t, screen_var_run_t, sock_file)
 
 manage_fifo_files_pattern(screen_domain, screen_var_run_t, screen_var_run_t)
 manage_dirs_pattern(screen_domain, screen_var_run_t, screen_var_run_t)
-- 
1.8.1.5