baculum: Update SELinux policy module

diff --git a/gui/baculum/examples/selinux/baculum.pp b/gui/baculum/examples/selinux/baculum.pp
index 98d24d6dd2a970b38cd662ac99965a3d96144291..9c145b1ecb0eb67ce35394ee8d4205cc9e2ca85a 100644 (file)
Binary files a/gui/baculum/examples/selinux/baculum.pp and b/gui/baculum/examples/selinux/baculum.pp differ

diff --git a/gui/baculum/examples/selinux/baculum.te b/gui/baculum/examples/selinux/baculum.te
index f7394481e85cc556770679b4d31f75a3e5086017..907d6606cf0b07e20c4b19a2a6f3bfe5dfaa0063 100644 (file)
--- a/gui/baculum/examples/selinux/baculum.te
+++ b/gui/baculum/examples/selinux/baculum.te
@@ -6,13 +6,14 @@ require {
        type httpd_t;
        type bacula_etc_t;
        type unreserved_port_t;
+       type hplip_port_t;
        type sudo_exec_t;
        type httpd_cache_t;
        class tcp_socket { name_bind name_connect };
        class dir { search read write create getattr };
        class file { read write create getattr open execute };
        class netlink_audit_socket { write nlmsg_relay create read };
-       class capability { audit_write };
+       class capability { audit_write sys_resource };
 }
 
 #============= httpd_t ==============
@@ -21,6 +22,7 @@ allow httpd_t mysqld_port_t:tcp_socket name_connect;
 allow httpd_t postgresql_port_t:tcp_socket name_connect;
 allow httpd_t unreserved_port_t:tcp_socket name_bind;
 allow httpd_t unreserved_port_t:tcp_socket name_connect;
+allow httpd_t hplip_port_t:tcp_socket name_connect;
 allow httpd_t bacula_etc_t:dir search;
 allow httpd_t bacula_etc_t:file getattr;
 allow httpd_t bacula_etc_t:file { read open };
@@ -28,4 +30,4 @@ allow httpd_t sudo_exec_t:file { read execute open };
 allow httpd_t httpd_cache_t:dir { read create };
 allow httpd_t httpd_cache_t:file { read write create };
 allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read };
-allow httpd_t self:capability { audit_write };
+allow httpd_t self:capability { audit_write sys_resource };