Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Collectd: add one more selinux permission

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2023-05-26 14:54:32 +02:00
parent 33d6594397
commit 45ad0573f3
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
roles/collectd/base/files/selinux/fi-collectd.mod
View file

Binary file not shown.

BIN
roles/collectd/base/files/selinux/fi-collectd.pp
View file

Binary file not shown.

6
roles/collectd/base/files/selinux/fi-collectd.te
View file

@ -1,4 +1,4 @@
module fi-collectd 1.11.0; module fi-collectd 1.11.1;
require { require {
type shell_exec_t; type shell_exec_t;
@ -22,7 +22,7 @@ require {
class lnk_file read; class lnk_file read;
class sock_file { read write getattr }; class sock_file { read write getattr };
class unix_stream_socket connectto; class unix_stream_socket connectto;
class netlink_generic_socket create; class netlink_generic_socket { create bind };
} }
#============= collectd_t ============== #============= collectd_t ==============
@ -41,4 +41,4 @@ allow collectd_t var_run_t:sock_file { read write getattr };
allow collectd_t anon_inodefs_t:file { write read }; allow collectd_t anon_inodefs_t:file { write read };
allow collectd_t initrc_t:unix_stream_socket connectto; allow collectd_t initrc_t:unix_stream_socket connectto;
allow collectd_t proc_net_t:lnk_file read; allow collectd_t proc_net_t:lnk_file read;
allow collectd_t self:netlink_generic_socket create; allow collectd_t self:netlink_generic_socket { create bind };