nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

node_exporter: various fixes

Browse Source 
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2023-03-02 01:45:33 -05:00
parent 6894aaa796
commit eaf9f15d35
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
policy/modules/services/node_exporter.te
View File

@ -25,7 +25,7 @@ logging_log_file(node_exporter_log_t)
allow node_exporter_t self:fifo_file rw_fifo_file_perms; allow node_exporter_t self:fifo_file rw_fifo_file_perms;
allow node_exporter_t self:process { getsched signal }; allow node_exporter_t self:process { getsched signal };
allow node_exporter_t self:netlink_route_socket r_netlink_socket_perms; allow node_exporter_t self:netlink_route_socket create_netlink_socket_perms;
allow node_exporter_t self:tcp_socket create_stream_socket_perms; allow node_exporter_t self:tcp_socket create_stream_socket_perms;
allow node_exporter_t self:udp_socket create_socket_perms; allow node_exporter_t self:udp_socket create_socket_perms;
@ -47,6 +47,10 @@ corenet_tcp_bind_generic_node(node_exporter_t)
dev_read_sysfs(node_exporter_t) dev_read_sysfs(node_exporter_t)
files_dontaudit_search_all_dirs(node_exporter_t)
# to read /etc/os-release
files_read_etc_files(node_exporter_t)
fs_getattr_all_fs(node_exporter_t) fs_getattr_all_fs(node_exporter_t)
init_read_state(node_exporter_t) init_read_state(node_exporter_t)
@ -58,6 +62,9 @@ kernel_read_network_state(node_exporter_t)
kernel_read_software_raid_state(node_exporter_t) kernel_read_software_raid_state(node_exporter_t)
kernel_read_system_state(node_exporter_t) kernel_read_system_state(node_exporter_t)
# to read udev state data
udev_read_runtime_files(node_exporter_t)
ifdef(`init_systemd',` ifdef(`init_systemd',`
dbus_system_bus_client(node_exporter_t) dbus_system_bus_client(node_exporter_t)