certbot: various fixes
Allow acme-sh to send syslog msgs and dontaudit reading /proc. Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
parent
308ab9f69a
commit
06319896b3
@ -69,6 +69,7 @@ allow certbot_t certbot_log_t:file manage_file_perms;
|
||||
manage_files_pattern(certbot_t, certbot_runtime_t, certbot_runtime_t)
|
||||
files_runtime_filetrans(certbot_t, certbot_runtime_t, file)
|
||||
|
||||
kernel_dontaudit_read_system_state(certbot_t)
|
||||
kernel_search_fs_sysctls(certbot_t)
|
||||
|
||||
corecmd_list_bin(certbot_t)
|
||||
@ -108,6 +109,8 @@ userdom_use_user_ptys(certbot_t)
|
||||
tunable_policy(`certbot_acmesh',`
|
||||
corecmd_exec_bin(certbot_t)
|
||||
corecmd_exec_shell(certbot_t)
|
||||
|
||||
logging_send_syslog_msg(certbot_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
Loading…
Reference in New Issue
Block a user