From: dominick.grift@gmail.com (Dominick Grift) Date: Wed, 17 Apr 2013 18:46:28 +0200 Subject: [refpolicy] [PATCH 12/13] Support tmux control socket In-Reply-To: <1365669283-22005-13-git-send-email-sven.vermeulen@siphos.be> References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be> <1365669283-22005-13-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1366217188.2803.49.camel@x220.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2013-04-11 at 10:34 +0200, Sven Vermeulen wrote: > The tmux application places its control socket in /tmp/tmux-*. Introduce a > transition from screen_tmp_t (the /tmp/tmux-* directory) towards > screen_var_run_t for socket files. > > Signed-off-by: Sven Vermeulen Merged, thanks > --- > screen.te | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/screen.te b/screen.te > index f095081..75d538c 100644 > --- a/screen.te > +++ b/screen.te > @@ -38,12 +38,13 @@ allow screen_domain self:process signal_perms; > allow screen_domain self:fd use; > allow screen_domain self:fifo_file rw_fifo_file_perms; > allow screen_domain self:tcp_socket { accept listen }; > -allow screen_domain self:unix_stream_socket connectto; > +allow screen_domain self:unix_stream_socket { accept connectto listen }; > > manage_dirs_pattern(screen_domain, screen_tmp_t, screen_tmp_t) > manage_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t) > manage_fifo_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t) > files_tmp_filetrans(screen_domain, screen_tmp_t, { file dir }) > +filetrans_pattern(screen_domain, screen_tmp_t, screen_var_run_t, sock_file) > > manage_fifo_files_pattern(screen_domain, screen_var_run_t, screen_var_run_t) > manage_dirs_pattern(screen_domain, screen_var_run_t, screen_var_run_t)
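Review bot: The changed rule at the top of the hunk, `allow screen_domain self:unix_stream_socket { accept connectto listen };`, adds `accept` and `listen`, but the commit message only describes the /tmp/tmux-* file transition. State in the message why the domain needs to listen on and accept connections over its own stream socket, or split that rule into a separate patch so the permission change can be reviewed by itself. For the added `filetrans_pattern(screen_domain, screen_tmp_t, screen_var_run_t, sock_file)` line, the visible context shows only `manage_fifo_files_pattern` and `manage_dirs_pattern` for screen_var_run_t, so it is worth confirming that a sock_file manage rule for screen_var_run_t exists outside this hunk, because the type transition only labels the new socket and does not by itself allow creating it. A one-line comment above the new line, noting that the tmux control socket created under the screen_tmp_t directory deliberately gets screen_var_run_t, would help later readers who expect everything under /tmp to keep the tmp type.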