Allow openct to stream connect to pcscd

author Miroslav Grepl <mgrepl@redhat.com>

Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)
diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te

index 7f8fdc2c0184d82c66d25d3e61be19796a64da61..047d985f82a7f06e7068adb284bc3dc46fa08769 100644 (file)
--- a/policy/modules/services/openct.te
+++ b/policy/modules/services/openct.te
@@ -23,12 +23,13 @@ allow openct_t self:process signal_perms;
  manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
  manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
  manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
-files_pid_filetrans(openct_t, openct_var_run_t, { dir file sock_file })
  
  kernel_read_kernel_sysctls(openct_t)
  kernel_list_proc(openct_t)
  kernel_read_proc_symlinks(openct_t)
  
+can_exec(openct_t, openct_exec_t)
+
  dev_read_sysfs(openct_t)
  # openct asks for this
  dev_rw_usbfs(openct_t)
@@ -50,7 +51,9 @@ miscfiles_read_localization(openct_t)
  userdom_dontaudit_use_unpriv_user_fds(openct_t)
  userdom_dontaudit_search_user_home_dirs(openct_t)
  
-openct_exec(openct_t)
+optional_policy(`
+       pcscd_stream_connect(openct_t)
+')
  
  optional_policy(`
         seutil_sigchld_newrole(openct_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)