From 820ba61d9ba4025fbe2f8d7299f16144ac08f733 Mon Sep 17 00:00:00 2001 From: Jeremy Solt Date: Fri, 12 Nov 2010 15:28:43 -0500 Subject: [PATCH] smokeping patch from Dan Walsh "smokeping tries to read shadow" --- policy/modules/services/smokeping.if | 4 ++-- policy/modules/services/smokeping.te | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/policy/modules/services/smokeping.if b/policy/modules/services/smokeping.if index 824d206e2..82652781b 100644 --- a/policy/modules/services/smokeping.if +++ b/policy/modules/services/smokeping.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run smokeping. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`smokeping_domtrans',` diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te index 4ca544913..c1add55c5 100644 --- a/policy/modules/services/smokeping.te +++ b/policy/modules/services/smokeping.te @@ -23,6 +23,7 @@ files_type(smokeping_var_lib_t) # smokeping local policy # +dontaudit smokeping_t self:capability { dac_read_search dac_override }; allow smokeping_t self:fifo_file rw_fifo_file_perms; allow smokeping_t self:udp_socket create_socket_perms; allow smokeping_t self:unix_stream_socket create_stream_socket_perms; @@ -44,6 +45,7 @@ files_read_usr_files(smokeping_t) files_search_tmp(smokeping_t) auth_use_nsswitch(smokeping_t) +auth_dontaudit_read_shadow(smokeping_t) logging_send_syslog_msg(smokeping_t) @@ -63,6 +65,7 @@ optional_policy(` allow httpd_smokeping_cgi_script_t self:udp_socket create_socket_perms; + manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t) manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t) getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
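Review bot: The two dontaudit rules added to smokeping.te, `dontaudit smokeping_t self:capability { dac_read_search dac_override };` in the `-23,6 +23,7` hunk and `auth_dontaudit_read_shadow(smokeping_t)` in the `-44,6 +45,7` hunk, have no comment saying which access they silence; only the commit subject ties them to the shadow read. The capability rule is broader than that one probe: any later attempt by smokeping_t to bypass DAC checks is still denied, but leaves no AVC record that detection or triage could use. I would put a line above each rule, for example `# smokeping tries to read shadow; access stays denied, only the audit record is suppressed`, and mention in the commit description that `semodule -DB` brings the records back when troubleshooting. The local policy section these rules sit in continues outside both hunks.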
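Review bot: `manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)` in the `-63,6 +65,7` hunk is not covered by the commit subject, which only mentions the shadow read, and nothing in the patch explains it. It lets the web-facing CGI domain create, rename and remove directories in the daemon's data tree, on top of the file management it already had. If the CGI only needs to create directories there (the hunk does not show this), `create_dirs_pattern` with the same arguments would be a narrower grant. Either way a comment stating the real need would help, along the lines of `# CGI needs to create directories under smokeping_var_lib_t for <reason>`. The enclosing optional_policy block begins and ends outside the hunk.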