Don't forget the unix_stream_socket.

2014-07-18 20:09:15 +00:00 · 2014-07-18 20:09:15 +00:00 · 620beb87f3
commit 620beb87f3
parent dc234b10bf
3 changed files with 4 additions and 1 deletions
--- a/roles/collectd/base/files/selinux/fi-collectd.mod
+++ b/roles/collectd/base/files/selinux/fi-collectd.mod
--- a/roles/collectd/base/files/selinux/fi-collectd.pp
+++ b/roles/collectd/base/files/selinux/fi-collectd.pp
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@ -1,13 +1,15 @@

-module fi-collectd 1.5;
+module fi-collectd 1.6;

 require {
 	type var_run_t;
 	type bin_t;
 	type configfs_t;
+	type init_t;
 	type pstorefs_t;
 	type collectd_t;
 	class sock_file { read write getattr };
+	class unix_stream_socket connectto;
 	class capability { setuid dac_read_search sys_ptrace setgid dac_override };
 	class file { read execute execute_no_trans };
 	class dir getattr;
@ -16,6 +18,7 @@ require {
 #============= collectd_t ==============
 allow collectd_t bin_t:file { execute execute_no_trans };
 allow collectd_t configfs_t:dir getattr;
+allow collectd_t init_t:unix_stream_socket connectto;
 allow collectd_t pstorefs_t:dir getattr;
 allow collectd_t self:capability { setuid dac_read_search sys_ptrace setgid dac_override };
 allow collectd_t var_run_t:sock_file { read write getattr };