Update selinux-knot policy

2019-07-10 11:21:54 +03:00 · 2019-07-10 11:21:54 +03:00 · bf066a6d3a
parent c0d3e57721
commit bf066a6d3a
2 changed files with 5 additions and 5 deletions
--- a/sec-policy/selinux-knot/files/knot.if
+++ b/sec-policy/selinux-knot/files/knot.if
@ -38,7 +38,7 @@ interface(`knot_domtrans_client',`
 #
 interface(`knot_run_client',`
 	gen_require(`
-	attribute_role knot_roles;
+		attribute_role knot_roles;
 	')

 	knot_domtrans_client($1)
@ -87,9 +87,9 @@ interface(`knot_admin',`
 		type knot_runtime_t, knot_tmp_t, knot_var_lib_t;
 	')

-	allow $2 knotc_t:process signal_perms;
+	allow $1 knotc_t:process signal_perms;
 	allow $1 knotd_t:process { ptrace signal_perms };
-	ps_process_pattern($2, knotc_t)
+	ps_process_pattern($1, knotc_t)
 	ps_process_pattern($1, knotd_t)

 	init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t)
--- a/sec-policy/selinux-knot/files/knot.te
+++ b/sec-policy/selinux-knot/files/knot.te
@ -136,6 +136,6 @@ optional_policy(`
 		type sysadm_t;
 	')

-	knot_admin(sysadm_r, sysadm_t)
-	knot_run_client(sysadm_r, sysadm_t)
+	knot_admin(sysadm_t, sysadm_r)
+	knot_run_client(sysadm_t, sysadm_r)
 ')