Move all ulogd networking into the mysql and postgres optionals.

Chris PeBenito 2010-11-19 11:39:36 -05:00
parent a00839dcc1
commit b9a562446d
1 changed files with 8 additions and 5 deletions


@ -31,9 +31,6 @@ logging_log_file(ulogd_var_log_t)
allow ulogd_t self:capability net_admin; allow ulogd_t self:capability net_admin;
allow ulogd_t self:netlink_nflog_socket create_socket_perms; allow ulogd_t self:netlink_nflog_socket create_socket_perms;
allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
allow ulogd_t self:udp_socket create_socket_perms;
# config files # config files
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t) read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
@ -51,14 +48,20 @@ files_read_usr_files(ulogd_t)
miscfiles_read_localization(ulogd_t) miscfiles_read_localization(ulogd_t)
sysnet_dns_name_resolve(ulogd_t)
optional_policy(` optional_policy(`
allow ulogd_t self:tcp_socket create_stream_socket_perms;
mysql_stream_connect(ulogd_t) mysql_stream_connect(ulogd_t)
mysql_tcp_connect(ulogd_t) mysql_tcp_connect(ulogd_t)
sysnet_dns_name_resolve(ulogd_t)
') ')
optional_policy(` optional_policy(`
allow ulogd_t self:tcp_socket create_stream_socket_perms;
postgresql_stream_connect(ulogd_t) postgresql_stream_connect(ulogd_t)
postgresql_tcp_connect(ulogd_t) postgresql_tcp_connect(ulogd_t)
sysnet_dns_name_resolve(ulogd_t)
') ')
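Review bot: Both new optional blocks grant `self:tcp_socket create_stream_socket_perms`, which in refpolicy's permission sets also carries `listen` and `accept`. ulogd only acts as a client of the database here, so the narrower `allow ulogd_t self:tcp_socket create_socket_perms;` looks sufficient in each block; confirm it against AVC denials with a TCP-connected backend. The rules repeated in the mysql and postgresql optionals also carry no comment saying why networking is gated on a database backend. A line such as `# networking is only needed to reach a remote database` above each would discourage a later edit from moving them back to the unconditional section. With neither module built, ulogd_t is left without TCP, UDP or DNS access, so any other output path that logs over the network would presumably be denied, and the commit message should record that as intended.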