--- selinux/dirsrv-admin.if 2010-01-20 10:39:35.765329723 -0800
+++ selinux/dirsrv-admin.if 2010-01-20 11:15:09.351304364 -0800
@@ -25,7 +25,6 @@
files_exec_usr_files(httpd_t)
files_manage_generic_tmp_files(httpd_t)
- userdom_rw_user_tmp_files(httpd_t)
corenet_tcp_connect_generic_port(httpd_t)
# Strict policy
@@ -81,7 +80,7 @@
# Allow dirsrv to interact with CGIs
allow dirsrv_t httpd_dirsrvadmin_script_t:unix_stream_socket { read write };
- allow dirsrv_t dirsrvadmin_tmp_t:file write;
+ allow dirsrv_t httpd_dirsrvadmin_script_rw_t:file write;
# Allow dirsrv domain to interact with httpd
allow dirsrv_t httpd_t:fifo_file { write read };
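Review bot: The new rule `allow dirsrv_t httpd_dirsrvadmin_script_rw_t:file write;` lets dirsrv_t write to every file carrying the CGI read/write content label, a wider target than the dedicated dirsrvadmin_tmp_t it replaces, and nothing on the line says why the server needs it. If the intent is only that dirsrv_t writes to files the admin CGIs have already opened and handed over (the rule grants `write` alone), record that in a comment such as `# dirsrv writes to files opened by the admin CGIs and inherited across the domain transition`. The enclosing interface starts and ends outside the hunk, so confirm that its gen_require block declares `type httpd_dirsrvadmin_script_rw_t;`, and that dirsrvadmin_tmp_t is dropped from it if no other rule still uses it. The dirsrv-admin.te hunk removes the `files_tmp_filetrans` for the CGI domain, so it is also worth verifying which label the CGIs' temporary files now receive and that this rule actually covers them.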
--- selinux/dirsrv-admin.te 2009-10-22 14:27:21.228545844 -0700
+++ selinux/dirsrv-admin.te 2009-10-22 14:27:36.348546152 -0700
@@ -113,9 +113,6 @@
# The CGI scripts must be able to manage dirsrv-admin
dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)
dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)
-manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
-manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
-files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
# The CGI scripts must be able to manage the dirsrv
dirsrv_domtrans(httpd_dirsrvadmin_script_t)