From 2d59a828b615d8d9b6075de2878ca47345f65275 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Fri, 18 Dec 2009 10:44:49 -0500
Subject: [PATCH] Nslcd patch from Dan Walsh.

---
 policy/modules/services/nslcd.if | 9 +++++++--
 policy/modules/services/nslcd.te | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if
index 850897732..3563980ff 100644
--- a/policy/modules/services/nslcd.if
+++ b/policy/modules/services/nslcd.if
@@ -76,7 +76,7 @@ interface(`nslcd_stream_connect',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an nslcd environment
 ## </summary>
 ## <param name="domain">
@@ -94,6 +94,7 @@ interface(`nslcd_stream_connect',`
 interface(`nslcd_admin',`
 	gen_require(`
 		type nslcd_t, nslcd_initrc_exec_t;
+		type nslcd_conf_t, nslcd_var_run_t;
 	')
 
 	ps_process_pattern($1, nslcd_t)
@@ -105,5 +106,9 @@ interface(`nslcd_admin',`
 	role_transition $2 nslcd_initrc_exec_t system_r;
 	allow $2 system_r;
 
-	allow $1 nslcd_conf_t:file read_file_perms;
+	manage_files_pattern($1, nslcd_conf_t, nslcd_conf_t)
+
+	manage_dirs_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
+	manage_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
+	manage_lnk_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
 ')
diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
index e93e1dfda..6d2794c39 100644
--- a/policy/modules/services/nslcd.te
+++ b/policy/modules/services/nslcd.te
@@ -1,5 +1,5 @@
 
-policy_module(nslcd, 1.0.0)
+policy_module(nslcd, 1.0.1)
 
 ########################################
 #