millerson.name
/
gentoo-overlay
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Update selinux-knot policy

This commit is contained in:
Alexander Miroshnichenko 2019-07-10 11:21:54 +03:00
parent c0d3e57721
commit bf066a6d3a
Signed by: alex
GPG Key ID: E93720C6C73A77F4
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sec-policy/selinux-knot/files/knot.if
View File

@ -38,7 +38,7 @@ interface(`knot_domtrans_client',`
# #
interface(`knot_run_client',` interface(`knot_run_client',`
gen_require(` gen_require(`
attribute_role knot_roles; attribute_role knot_roles;
') ')
knot_domtrans_client($1) knot_domtrans_client($1)
@ -87,9 +87,9 @@ interface(`knot_admin',`
type knot_runtime_t, knot_tmp_t, knot_var_lib_t; type knot_runtime_t, knot_tmp_t, knot_var_lib_t;
') ')
allow $2 knotc_t:process signal_perms; allow $1 knotc_t:process signal_perms;
allow $1 knotd_t:process { ptrace signal_perms }; allow $1 knotd_t:process { ptrace signal_perms };
ps_process_pattern($2, knotc_t) ps_process_pattern($1, knotc_t)
ps_process_pattern($1, knotd_t) ps_process_pattern($1, knotd_t)
init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t) init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t)

4
sec-policy/selinux-knot/files/knot.te
View File

@ -136,6 +136,6 @@ optional_policy(`
type sysadm_t; type sysadm_t;
') ')
knot_admin(sysadm_r, sysadm_t) knot_admin(sysadm_t, sysadm_r)
knot_run_client(sysadm_r, sysadm_t) knot_run_client(sysadm_t, sysadm_r)
') ')