From 8479a8400fe1b7583814356e74e9cf1c35da1dd9 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 27 Oct 2022 16:34:31 +0200
Subject: [PATCH] Allow dirsrv_snmp_t to manage dirsrv_config_t &
 dirsrv_var_run_t files

Allow LDAP-agent to manage files in directories /etc/dirsrv/ and /var/run/dirsrv.

Resolves: rhbz#2042515
---
 policy/modules/contrib/dirsrv.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/contrib/dirsrv.te b/policy/modules/contrib/dirsrv.te
index feeea4467f..9865382c87 100644
--- a/policy/modules/contrib/dirsrv.te
+++ b/policy/modules/contrib/dirsrv.te
@@ -189,9 +189,9 @@ allow dirsrv_snmp_t self:fifo_file rw_fifo_file_perms;
 
 rw_files_pattern(dirsrv_snmp_t, dirsrv_tmpfs_t, dirsrv_tmpfs_t)
 
-read_files_pattern(dirsrv_snmp_t, dirsrv_var_run_t, dirsrv_var_run_t)
+manage_files_pattern(dirsrv_snmp_t, dirsrv_var_run_t, dirsrv_var_run_t)
 
-read_files_pattern(dirsrv_snmp_t, dirsrv_config_t, dirsrv_config_t)
+manage_files_pattern(dirsrv_snmp_t, dirsrv_config_t, dirsrv_config_t)
 
 manage_files_pattern(dirsrv_snmp_t, dirsrv_snmp_var_run_t, dirsrv_snmp_var_run_t)
 files_pid_filetrans(dirsrv_snmp_t, dirsrv_snmp_var_run_t, { file sock_file })