Fix the cups_read_pid_files() interface to use read_files_pattern

Until now, just allow rule to read was present, not giving the search access to the parent directory. Resolves: RHEL-69517
zpytela · Dec 12, 2024 · 2568ae5 · 2568ae5
1 parent ec5e8a2
commit 2568ae5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
@@ -124,7 +124,7 @@ interface(`cups_read_pid_files',`
 	')
 
 	files_search_pids($1)
-	allow $1 cupsd_var_run_t:file read_file_perms;
+	read_files_pattern($1, cupsd_var_run_t, cupsd_var_run_t)
 ')
 
 ########################################