From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 12 Feb 2017 13:35:02 -0500 Subject: [refpolicy] [PATCH 1/2] cups: read permission for cupsd_var_run_t socket files in cups_stream_connect() In-Reply-To: <1486657515.28070.9.camel@trentalancia.net> References: <1486657515.28070.9.camel@trentalancia.net> Message-ID: <2a598db0-f568-effe-b9e7-9052e6db42b2@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/09/17 11:25, Guido Trentalancia via refpolicy wrote: > Modify the cups_stream_connect() interface so that it can also > read cupsd_var_run_t socket files in addition to writing them. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/cups.if | 1 + > 1 file changed, 1 insertion(+) > > diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if > --- a/policy/modules/contrib/cups.if 2017-01-24 18:56:19.569106107 +0100 > +++ b/policy/modules/contrib/cups.if 2017-02-09 16:57:59.936511815 +0100 > @@ -69,6 +69,7 @@ interface(`cups_stream_connect',` > ') > > files_search_pids($1) > + allow $1 cupsd_var_run_t:sock_file read_sock_file_perms; > stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) > ') Merged. -- Chris PeBenito