From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 12 Feb 2017 13:35:02 -0500
Subject: [refpolicy] [PATCH 1/2] cups: read permission for
 cupsd_var_run_t socket files in cups_stream_connect()
In-Reply-To: <1486657515.28070.9.camel@trentalancia.net>
References: <1486657515.28070.9.camel@trentalancia.net>
Message-ID: <2a598db0-f568-effe-b9e7-9052e6db42b2@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/09/17 11:25, Guido Trentalancia via refpolicy wrote:
> Modify the cups_stream_connect() interface so that it can also
> read cupsd_var_run_t socket files in addition to writing them.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/cups.if |    1 +
>  1 file changed, 1 insertion(+)
>
> diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
> --- a/policy/modules/contrib/cups.if	2017-01-24 18:56:19.569106107 +0100
> +++ b/policy/modules/contrib/cups.if	2017-02-09 16:57:59.936511815 +0100
> @@ -69,6 +69,7 @@ interface(`cups_stream_connect',`
>  	')
>
>  	files_search_pids($1)
> +	allow $1 cupsd_var_run_t:sock_file read_sock_file_perms;
>  	stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)
>  ')

Merged.

-- 
Chris PeBenito