From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 11 Feb 2017 14:54:00 -0500 Subject: [refpolicy] [PATCH 2/2] cups: read permission for cupsd_var_run_t socket files in cups_read_pid_files() In-Reply-To: <1486657583.28070.10.camel@trentalancia.net> References: <1486657515.28070.9.camel@trentalancia.net> <1486657583.28070.10.camel@trentalancia.net> Message-ID: <339abd26-09c2-fdea-ae9b-53e01ab5cbef@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/09/17 11:26, Guido Trentalancia via refpolicy wrote: > Modify the cups_read_pid_files() interface so that it allows > to read socket files of the cupsd_var_run_t type and not only > standard files. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/cups.if | 1 + > 1 file changed, 1 insertion(+) > > diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if > --- a/policy/modules/contrib/cups.if 2017-01-24 18:56:19.569106107 +0100 > +++ b/policy/modules/contrib/cups.if 2017-02-09 16:46:23.649827258 +0100 > @@ -124,6 +124,7 @@ interface(`cups_read_pid_files',` > > files_search_pids($1) > allow $1 cupsd_var_run_t:file read_file_perms; > + allow $1 cupsd_var_run_t:sock_file read_sock_file_perms; > ') > > ######################################## You really saw sock_file read? I don't think I've ever seen that. Regardless, this should be a separate interface. -- Chris PeBenito
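Review bot: The added `allow $1 cupsd_var_run_t:sock_file read_sock_file_perms;` line sits inside `cups_read_pid_files`, so every existing caller of that interface silently gains access to the cupsd socket files, although the interface name only promises PID file reads. Put the rule in its own interface and call it only from the domain that needs it, keeping `cups_read_pid_files` limited to the `file` class. The commit message also names no caller and quotes no AVC denial. Please include the denial that motivated the change so the permission can be checked against it: connecting to a Unix domain socket is normally a `write` on the `sock_file` plus `connectto` on the socket, so a `read` on `sock_file` is unusual and may not be the permission actually required.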