From 23064fa2255fb5953c97254deaef216ea12b1b7f Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 28 Nov 2011 14:09:15 +0100
Subject: [PATCH] Allow clamd to read spamd pid file  * needs to read
 /var/spool/MIMEDefang/*

---
 policy/modules/services/clamav.te       |  1 +
 policy/modules/services/spamassassin.if | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 4bc077f5..4c06224d 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -163,6 +163,7 @@ optional_policy(`
 
 optional_policy(`
 	spamd_stream_connect(clamd_t)
+	spamd_read_pid(clamd_t)
 ')
 
 tunable_policy(`clamd_use_jit',`
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 85e8212d..4aac5953 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -294,6 +294,25 @@ interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
 	dontaudit $1 spamd_tmp_t:sock_file getattr_sock_file_perms;
 ')
 
+#######################################
+## <summary>
+##  Read spamd pid file.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed to connect.
+##  </summary>
+## </param>
+#
+interface(`spamd_read_pid',`
+    gen_require(`
+        type spamd_t, spamd_var_run_t;
+    ')
+
+    files_search_pids($1)
+    read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	Connect to run spamd.
-- 
2.47.3