Update fedmsg selinux module to allow new logging stuff.

2014-03-03 16:49:34 +00:00 · 2014-03-03 16:49:34 +00:00 · dc9e28cd43
commit dc9e28cd43
parent 72f327b1dd
3 changed files with 11 additions and 1 deletions
--- a/roles/fedmsg_base/files/selinux/fedmsg.mod
+++ b/roles/fedmsg_base/files/selinux/fedmsg.mod
--- a/roles/fedmsg_base/files/selinux/fedmsg.pp
+++ b/roles/fedmsg_base/files/selinux/fedmsg.pp
--- a/roles/fedmsg_base/files/selinux/fedmsg.te
+++ b/roles/fedmsg_base/files/selinux/fedmsg.te
@ -1,5 +1,5 @@

-module fedmsg 1.0;
+module fedmsg 1.1;

 require {
 	type anon_inodefs_t;
@ -7,5 +7,15 @@ require {
 	class file write;
 }

+require {
+	type ptmx_t;
+	type httpd_t;
+	class chr_file getattr;
+}
+
 #============= httpd_t ==============
+# For basic port binding
 allow httpd_t anon_inodefs_t:file write;
+# So that psutil can work from /etc/fedmsg.d/logging.py
+allow httpd_t ptmx_t:chr_file getattr;
+