Merge pull request #369 from jpds/irc-sock-and-screen-fixes

policy/modules/apps/irc.te

@@ -40,7 +40,7 @@ userdom_user_tmp_file(irc_tmp_t)
 
 allow irc_t self:process { getsched signal sigkill };
 allow irc_t self:fifo_file rw_fifo_file_perms;
-allow irc_t self:unix_dgram_socket create_socket_perms;
+allow irc_t self:unix_dgram_socket { create_socket_perms sendto };
 allow irc_t self:unix_stream_socket { accept listen };
 
 allow irc_t irc_conf_t:file read_file_perms;
@@ -132,6 +132,10 @@ tunable_policy(`use_samba_home_dirs',`
 	fs_manage_cifs_symlinks(irc_t)
 ')
 
+optional_policy(`
+	screen_execute_sock_file(irc_t)
+')
+
 optional_policy(`
 	seutil_use_newrole_fds(irc_t)
 ')

policy/modules/apps/screen.if

@@ -90,3 +90,22 @@ template(`screen_role_template',`
 		fs_nfs_domtrans($1_screen_t, $3)
 	')
 ')
+
+########################################
+## <summary>
+##      Execute the screen runtime sock file.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+interface(`screen_execute_sock_file',`
+	gen_require(`
+		type screen_tmp_t;
+		type screen_runtime_t;
+	')
+
+	allow $1 screen_runtime_t:sock_file execute;
+	allow $1 screen_tmp_t:dir search;
+')