From 20feb75b572a21a7a376d6780cc5c1d636cda610 Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Thu, 6 Mar 2014 10:16:53 -0500
Subject: [PATCH] Allow all domains to read from socket_device directory.

This is a world-readable directory anyway and will help to
address a small number of new denials.

Change-Id: I9e53c89a19da8553cbcbef8295c02ccaaa5d564c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 34af567d9..e856288de 100644
--- a/domain.te
+++ b/domain.te
@@ -61,7 +61,7 @@ allow domain device:dir search;
 allow domain dev_type:lnk_file r_file_perms;
 allow domain devpts:dir search;
 allow domain device:file read;
-allow domain socket_device:dir search;
+allow domain socket_device:dir r_dir_perms;
 allow domain owntty_device:chr_file rw_file_perms;
 allow domain null_device:chr_file rw_file_perms;
 allow domain zero_device:chr_file r_file_perms;
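Review bot: The changed rule `allow domain socket_device:dir r_dir_perms;` is attached to the `domain` attribute, so every domain, including the least trusted ones, can now open and list the socket directory rather than only traverse it. `r_dir_perms` is defined outside this hunk; in AOSP's global_macros it expands to open, getattr, read, search and ioctl. World-readable DAC bits are a weak reason to widen the MAC rule, because the policy is meant to hold when DAC is permissive, and listing the directory tells any confined process which daemon sockets exist. The commit message does not name the denials, so consider keeping `search` on `domain` and granting `r_dir_perms` only to the source domains that appear in them. If the global grant stays, document it above the rule, for example `# Listing only: connect/write on each socket is still gated by its own *_socket type.`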
-- 
GitLab