From 28bd3996a770f1a1c7824a182b205001f1dfb257 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 18 Jul 2014 20:00:58 +0000 Subject: [PATCH] This has to be the last one.. --- .../base/files/selinux/fi-collectd.mod | Bin 1612 -> 1636 bytes .../base/files/selinux/fi-collectd.pp | Bin 1628 -> 1652 bytes .../base/files/selinux/fi-collectd.te | 6 +++--- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/collectd/base/files/selinux/fi-collectd.mod b/roles/collectd/base/files/selinux/fi-collectd.mod index 9247a19bf7b0c1d616201854a6ab8d8065af3a83..83b8da15db99f07383dd7956e595c6f56312630e 100644 GIT binary patch delta 69 zcmX@Z^Mq%D1EcXo#~@Z_1_lP^i8ItB1V9W128Ps%)a25V)cCyo_>!W;yyA`fgqRrF XHeY1A&Nx|tg=caN6VK)YEIo_>jD{2V delta 42 ycmaFDbB1Sv1EbMI#~@ZF1_lPEi8ItTUK3(sWSZ>D?7Ufrc?u&V^X7vrix~j`_Y0!{ diff --git a/roles/collectd/base/files/selinux/fi-collectd.pp b/roles/collectd/base/files/selinux/fi-collectd.pp index 67a5db1f6ffef727c6cb41589bd5719c3f77327a..ea6ef6d3808b6d0da382fce1c50ad899ea669100 100644 GIT binary patch delta 69 zcmcb^^Mz+Z0Hg85z#vv;1_lP^i7V731V9W128Ps%)a25V)cCyo_>!W;yyA`LgqRrF XHa}##&N$hCg=caP6VK)gEIo_>qxKY- delta 42 ycmeyubBAX_0He{wz#vv81_lPEi7V7LJ`-YMWSShy?7Z2Ac?u&V^X7{zix~kACk!(H diff --git a/roles/collectd/base/files/selinux/fi-collectd.te b/roles/collectd/base/files/selinux/fi-collectd.te index b3a7375621..51bc23d090 100644 --- a/roles/collectd/base/files/selinux/fi-collectd.te +++ b/roles/collectd/base/files/selinux/fi-collectd.te @@ -1,5 +1,5 @@ -module fi-collectd 1.2; +module fi-collectd 1.3; require { type bin_t; @@ -7,12 +7,12 @@ require { type pstorefs_t; type collectd_t; class capability { setuid dac_read_search sys_ptrace setgid dac_override }; - class file { read execute }; + class file { read execute execute_no_trans }; class dir getattr; } #============= collectd_t ============== -allow collectd_t bin_t:file execute; +allow collectd_t bin_t:file { execute execute_no_trans }; allow collectd_t configfs_t:dir getattr; allow collectd_t pstorefs_t:dir getattr; allow collectd_t self:capability { setuid dac_read_search sys_ptrace setgid dac_override };