certbot: various fixes
Allow acme-sh to send syslog msgs and dontaudit reading /proc. Signed-off-by: Kenton Groombridge <me@concord.sh>
parent
308ab9f69a
commit
06319896b3
@ -69,6 +69,7 @@ allow certbot_t certbot_log_t:file manage_file_perms;
|
|||||||
manage_files_pattern(certbot_t, certbot_runtime_t, certbot_runtime_t)
|
manage_files_pattern(certbot_t, certbot_runtime_t, certbot_runtime_t)
|
||||||
files_runtime_filetrans(certbot_t, certbot_runtime_t, file)
|
files_runtime_filetrans(certbot_t, certbot_runtime_t, file)
|
||||||
|
|
||||||
|
kernel_dontaudit_read_system_state(certbot_t)
|
||||||
kernel_search_fs_sysctls(certbot_t)
|
kernel_search_fs_sysctls(certbot_t)
|
||||||
|
|
||||||
corecmd_list_bin(certbot_t)
|
corecmd_list_bin(certbot_t)
|
||||||
@ -108,6 +109,8 @@ userdom_use_user_ptys(certbot_t)
|
|||||||
tunable_policy(`certbot_acmesh',`
|
tunable_policy(`certbot_acmesh',`
|
||||||
corecmd_exec_bin(certbot_t)
|
corecmd_exec_bin(certbot_t)
|
||||||
corecmd_exec_shell(certbot_t)
|
corecmd_exec_shell(certbot_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(certbot_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
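Review bot: `kernel_dontaudit_read_system_state(certbot_t)` in the first hunk is added at the top level of the policy, so denials for certbot_t reading /proc state are silenced in every configuration, whereas the commit description can be read as scoping both changes to acme-sh. A dontaudit rule suppresses the AVC record itself, so anyone triaging certbot_t activity loses that signal unless dontaudit rules are temporarily disabled (`semodule -DB`). If the /proc reads come only from acme.sh (not determinable from this page), the rule would be better placed inside the `certbot_acmesh` tunable block next to `logging_send_syslog_msg(certbot_t)` in the second hunk, so the default certbot setup keeps its denials auditable. Either way, a one-line comment above the rule should say which program triggers the read and that it works without the access, for example `# acme.sh reads /proc state; not required for operation` once that has been confirmed.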