From: Miroslav Grepl Date: Mon, 28 Nov 2011 13:09:15 +0000 (+0100) Subject: Allow clamd to read spamd pid file X-Git-Tag: 000~78^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=23064fa2255fb5953c97254deaef216ea12b1b7f;p=people%2Fstevee%2Fselinux-policy.git Allow clamd to read spamd pid file * needs to read /var/spool/MIMEDefang/* --- diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te index 4bc077f5..4c06224d 100644 --- a/policy/modules/services/clamav.te +++ b/policy/modules/services/clamav.te @@ -163,6 +163,7 @@ optional_policy(` optional_policy(` spamd_stream_connect(clamd_t) + spamd_read_pid(clamd_t) ') tunable_policy(`clamd_use_jit',` diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if index 85e8212d..4aac5953 100644 --- a/policy/modules/services/spamassassin.if +++ b/policy/modules/services/spamassassin.if @@ -294,6 +294,25 @@ interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',` dontaudit $1 spamd_tmp_t:sock_file getattr_sock_file_perms; ') +####################################### +## +## Read spamd pid file. +## +## +## +## Domain allowed to connect. +## +## +# +interface(`spamd_read_pid',` + gen_require(` + type spamd_t, spamd_var_run_t; + ') + + files_search_pids($1) + read_files_pattern($1, spamd_var_run_t, spamd_var_run_t) +') + ######################################## ## ## Connect to run spamd.
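Review bot: The added `spamd_read_pid(clamd_t)` call in this `optional_policy` block grants more than its name says: as defined later in this commit, the interface lets clamd_t read every file labelled `spamd_var_run_t`, not a single pid file. The commit description gives the real reason as reading `/var/spool/MIMEDefang/*`, which presumably carries that label (the file contexts are not visible here). I would record that next to the call, e.g. `# clamd scans MIMEDefang spool files, which are labelled spamd_var_run_t`, so a later audit of clamd_t's read access can tell why the rule exists. If the spool could be given its own type, a narrower interface would keep clamd_t away from spamd's other runtime files.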
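Review bot: `gen_require` in `spamd_read_pid` requires `spamd_t`, but neither `files_search_pids($1)` nor `read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)` uses it, so the line should be `type spamd_var_run_t;`. The parameter description `Domain allowed to connect.` appears to be copied from a stream-connect interface; `Domain allowed access.` matches what this interface does. The summary `Read spamd pid file.` could also state that all files of type `spamd_var_run_t` become readable, since `read_files_pattern` is not limited to one pid file.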