From: guido@trentalancia.net (Guido Trentalancia) Date: Thu, 09 Feb 2017 17:25:15 +0100 Subject: [refpolicy] [PATCH 1/2] cups: read permission for cupsd_var_run_t socket files in cups_stream_connect() Message-ID: <1486657515.28070.9.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Modify the cups_stream_connect() interface so that it can also read cupsd_var_run_t socket files in addition to writing them. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/cups.if | 1 + 1 file changed, 1 insertion(+) diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if --- a/policy/modules/contrib/cups.if 2017-01-24 18:56:19.569106107 +0100 +++ b/policy/modules/contrib/cups.if 2017-02-09 16:57:59.936511815 +0100 @@ -69,6 +69,7 @@ interface(`cups_stream_connect',` ') files_search_pids($1) + allow $1 cupsd_var_run_t:sock_file read_sock_file_perms; stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) ')