commit: 56bb41501530668d9c82041851f00d59bc90fbee Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Mon Feb 8 22:22:58 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Fri Feb 12 02:54:52 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=56bb4150
Add an interface to allow a domain to read firewalld_var_run_t files policy/modules/contrib/firewalld.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/contrib/firewalld.if b/policy/modules/contrib/firewalld.if index a16179b..dd89afa 100644 --- a/policy/modules/contrib/firewalld.if +++ b/policy/modules/contrib/firewalld.if @@ -61,6 +61,25 @@ interface(`firewalld_dontaudit_rw_tmp_files',` ######################################## ## <summary> +## Read firewalld runtime files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`firewalld_read_var_run_files',` + gen_require(` + type firewalld_var_run_t; + ') + + files_search_pids($1) + read_files_pattern($1, firewalld_var_run_t, firewalld_var_run_t) +') + +######################################## +## <summary> ## All of the rules required to ## administrate an firewalld environment. ## </summary>
