Allow AIDE to mmap files
AIDE has a compile-time option WITH_MMAP which allows AIDE to map files during scanning. RHEL7 has set this option in the aide rpm they distribute. Changes made to add a tunable to enable permissions allowing aide to map files that it needs. I have set the default to false as this seems preferred (in my mind).

Signed-off-by: Dave Sugar <dsugar@tresys.com>
parent e5b8318420
commit 59413b10b8
|
@ -5,6 +5,15 @@ policy_module(aide, 1.8.0)
|
|||
# Declarations
|
||||
#
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Control if AIDE can mmap files.
|
||||
## AIDE can be compiled with the option 'with-mmap' in which case it will
|
||||
## attempt to mmap files while running.
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(aide_mmap_files, false)
|
||||
|
||||
attribute_role aide_roles;
|
||||
|
||||
type aide_t;
|
||||
|
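Review bot: The description block above gen_tunable(aide_mmap_files, false) does not say which files the boolean covers. The rule it gates in the second hunk is files_map_non_auth_files(aide_t), so the text should state that enabling the tunable lets aide_t map all non-auth files; that tells an administrator how much access is being switched on. Keeping the default at false fits a permission of that breadth.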
@ -43,6 +52,10 @@ logging_send_syslog_msg(aide_t)
|
|||
|
||||
userdom_use_user_terminals(aide_t)
|
||||
|
||||
tunable_policy(`aide_mmap_files',`
|
||||
files_map_non_auth_files(aide_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_use_newrole_fds(aide_t)
|
||||
')
|
||||
|
|
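Review bot: In the new tunable_policy block for aide_mmap_files, files_map_non_auth_files(aide_t) grants map on non-auth files only. If aide_t is allowed to read auth files elsewhere in the module (not visible in this hunk), an mmap-enabled AIDE would still be denied map on those files with the boolean on; please confirm that this is intended, or cover auth files inside the same block. A one-line comment above the block noting that it is only needed for AIDE builds with mmap support would also help later readers.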