diff --git a/roles/collectd/base/files/selinux/fi-collectd.mod b/roles/collectd/base/files/selinux/fi-collectd.mod
index 9f77dcfb39..ba2404df1d 100644
Binary files a/roles/collectd/base/files/selinux/fi-collectd.mod and b/roles/collectd/base/files/selinux/fi-collectd.mod differ
diff --git a/roles/collectd/base/files/selinux/fi-collectd.pp b/roles/collectd/base/files/selinux/fi-collectd.pp
index 645bc0651d..33574ab37b 100644
Binary files a/roles/collectd/base/files/selinux/fi-collectd.pp and b/roles/collectd/base/files/selinux/fi-collectd.pp differ
diff --git a/roles/collectd/base/files/selinux/fi-collectd.te b/roles/collectd/base/files/selinux/fi-collectd.te
index b1ceef9244..14526f9e52 100644
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@@ -1,13 +1,15 @@
-module fi-collectd 1.5;
+module fi-collectd 1.6;
 require {
 type var_run_t;
 type bin_t;
 type configfs_t;
+ type init_t;
 type pstorefs_t;
 type collectd_t;
 class sock_file { read write getattr };
+ class unix_stream_socket connectto;
 class capability { setuid dac_read_search sys_ptrace setgid dac_override };
 class file { read execute execute_no_trans };
 class dir getattr;
@@ -16,6 +18,7 @@ require {
 #============= collectd_t ==============
 allow collectd_t bin_t:file { execute execute_no_trans };
 allow collectd_t configfs_t:dir getattr;
+allow collectd_t init_t:unix_stream_socket connectto;
 allow collectd_t pstorefs_t:dir getattr;
 allow collectd_t self:capability { setuid dac_read_search sys_ptrace setgid dac_override };
 allow collectd_t var_run_t:sock_file { read write getattr };
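Review bot: The new `allow collectd_t init_t:unix_stream_socket connectto;` rule in the second hunk has no comment saying which collectd plugin or socket needs it, and as written it covers every stream socket whose listener is labeled init_t, not just one. Together with the existing `var_run_t:sock_file { read write getattr }` rule and the `dac_override` capability already in this module, that presumably lets collectd reach any systemd-created (socket-activated) listener under a generically labeled /run path, including ones unrelated to metrics. I would add a line above the rule such as `# <PLUGIN_NAME placeholder>: talks to <SOCKET_PATH placeholder>, which systemd creates via socket activation`, and consider giving that socket file its own type so the sock_file rule can be narrowed instead of relying on var_run_t. The .mod and .pp are committed as binaries, so nothing in this diff shows they were built from this 1.6 source; compiling them from the .te at deploy time or checking that in CI would close that gap.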