From 2568ae592be92a3ccb6b9f1124e2a29dec2e69de Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Thu, 12 Dec 2024 18:39:00 +0100
Subject: [PATCH] Fix the cups_read_pid_files() interface to use read_files_pattern
Until now, just allow rule to read was present, not giving the search access to the parent directory.
Resolves: RHEL-69517
---
 policy/modules/contrib/cups.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
index cd69867d1b..b1282ff550 100644
--- a/policy/modules/contrib/cups.if
+++ b/policy/modules/contrib/cups.if
@@ -124,7 +124,7 @@ interface(`cups_read_pid_files',`
 ')
 files_search_pids($1)
- allow $1 cupsd_var_run_t:file read_file_perms;
+ read_files_pattern($1, cupsd_var_run_t, cupsd_var_run_t)
 ')
 ########################################
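Review bot: The added `read_files_pattern($1, cupsd_var_run_t, cupsd_var_run_t)` line grants more than the interface name suggests, and nothing in the hunk documents that. As far as the refpolicy pattern macros go, it expands to a directory search rule on cupsd_var_run_t plus the file read rule, so every domain that already calls cups_read_pid_files() gains the directory permission as well. A one-line comment above the call, for example `# also grants search on cupsd_var_run_t directories`, would make the widened grant visible to anyone auditing callers. The interface summary should say the same, but it and the gen_require block start above the hunk and are not visible here.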