nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

smokeping patch from Dan Walsh

Browse Source 
"smokeping tries to read shadow"
This commit is contained in:
Jeremy Solt 2010-11-12 15:28:43 -05:00 committed by Chris PeBenito
parent 781393fbe9
commit 820ba61d9b
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/services/smokeping.te
View File

@ -23,6 +23,7 @@ files_type(smokeping_var_lib_t)
# smokeping local policy
#
dontaudit smokeping_t self:capability { dac_read_search dac_override };
allow smokeping_t self:fifo_file rw_fifo_file_perms;
allow smokeping_t self:udp_socket create_socket_perms;
allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
@ -44,6 +45,7 @@ files_read_usr_files(smokeping_t)
files_search_tmp(smokeping_t)
auth_use_nsswitch(smokeping_t)
auth_dontaudit_read_shadow(smokeping_t)
logging_send_syslog_msg(smokeping_t)
@ -63,6 +65,7 @@ optional_policy(`
allow httpd_smokeping_cgi_script_t self:udp_socket create_socket_perms;
manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)