RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

certbot: various fixes 

Allow acme-sh to send syslog msgs and dontaudit reading /proc.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2022-05-17 13:47:20 -04:00
parent 308ab9f69a
commit 06319896b3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/services/certbot.te
View File

@ -69,6 +69,7 @@ allow certbot_t certbot_log_t:file manage_file_perms;
manage_files_pattern(certbot_t, certbot_runtime_t, certbot_runtime_t)
files_runtime_filetrans(certbot_t, certbot_runtime_t, file)
kernel_dontaudit_read_system_state(certbot_t)
kernel_search_fs_sysctls(certbot_t)
corecmd_list_bin(certbot_t)
@ -108,6 +109,8 @@ userdom_use_user_ptys(certbot_t)
tunable_policy(`certbot_acmesh',`
corecmd_exec_bin(certbot_t)
corecmd_exec_shell(certbot_t)
logging_send_syslog_msg(certbot_t)
')
optional_policy(`