--- serefpolicy-2.4.6/policy/modules/services/cyrus.te~ 2009-09-21 10:46:03.000000000 +0200 +++ serefpolicy-2.4.6/policy/modules/services/cyrus.te 2009-09-21 10:48:32.000000000 +0200 @@ -146,6 +146,7 @@ optional_policy(` snmp_read_snmp_var_lib_files(cyrus_t) + snmp_stream_connect(cyrus_t) snmp_dontaudit_write_snmp_var_lib_files(cyrus_t) ') --- serefpolicy-2.4.6/policy/modules/services/snmp.if~ 2009-09-21 10:45:43.000000000 +0200 +++ serefpolicy-2.4.6/policy/modules/services/snmp.if 2009-09-21 10:48:09.000000000 +0200 @@ -82,3 +82,22 @@ ') dontaudit $1 snmpd_var_lib_t:file write; ') + +####################################### +## <summary> +## Connect to snmpd using a unix domain stream socket. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`snmp_stream_connect',` + gen_require(` + type snmpd_t, snmpd_var_lib_t; + ') + + files_search_var_lib($1) + stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t) +')