Allow clamd to read spamd_var_run_t files

diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 4bc077f5cb1a941a5c2bbec8e5c962fe640ef85d..9f2a3582355e032d22db2c0fa5371ff2e1617146 100644 (file)
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -163,6 +163,7 @@ optional_policy(`
 
 optional_policy(`
        spamd_stream_connect(clamd_t)
+       spamassassin_read_pid_files(clamd_t)
 ')
 
 tunable_policy(`clamd_use_jit',`

diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 85e8212d42e0432f50bd3fa97ce46e94b856783d..a313f4bc3ed83bb49abcee96ccd41f62fe51cd11 100644 (file)
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -313,6 +313,24 @@ interface(`spamd_stream_connect',`
        stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
 ')
 
+########################################
+## <summary>
+##     Read spamd pid files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`spamassassin_read_pid_files',`
+       gen_require(`
+               type spamd_var_run_t;
+       ')
+
+       read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##     All of the rules required to administrate