baculum: Add audit_write SELinux capability to baculum.pp module

author Marcin Haba <marcin.haba@bacula.pl>

Wed, 8 Jul 2015 16:46:20 +0000 (18:46 +0200)

committer Eric Bollengier <eric@baculasystems.com>

Thu, 13 Aug 2015 06:51:50 +0000 (08:51 +0200)
author Marcin Haba <marcin.haba@bacula.pl>
Wed, 8 Jul 2015 16:46:20 +0000 (18:46 +0200)
committer Eric Bollengier <eric@baculasystems.com>
Thu, 13 Aug 2015 06:51:50 +0000 (08:51 +0200)
diff --git a/gui/baculum/examples/selinux/baculum.pp b/gui/baculum/examples/selinux/baculum.pp

index b68145ea8422d985d9d857bf1ea470b1ac70ebf1..98d24d6dd2a970b38cd662ac99965a3d96144291 100644 (file)

Binary files a/gui/baculum/examples/selinux/baculum.pp and b/gui/baculum/examples/selinux/baculum.pp differ
diff --git a/gui/baculum/examples/selinux/baculum.te b/gui/baculum/examples/selinux/baculum.te

index 131b560f379c64a1b633d46b82f6051891b82e21..f7394481e85cc556770679b4d31f75a3e5086017 100644 (file)
--- a/gui/baculum/examples/selinux/baculum.te
+++ b/gui/baculum/examples/selinux/baculum.te
@@ -12,6 +12,7 @@ require {
         class dir { search read write create getattr };
         class file { read write create getattr open execute };
         class netlink_audit_socket { write nlmsg_relay create read };
+       class capability { audit_write };
  }
  
  #============= httpd_t ==============
@@ -27,3 +28,4 @@ allow httpd_t sudo_exec_t:file { read execute open };
  allow httpd_t httpd_cache_t:dir { read create };
  allow httpd_t httpd_cache_t:file { read write create };
  allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read };
+allow httpd_t self:capability { audit_write };
author	Marcin Haba <marcin.haba@bacula.pl>
	Wed, 8 Jul 2015 16:46:20 +0000 (18:46 +0200)
committer	Eric Bollengier <eric@baculasystems.com>
	Thu, 13 Aug 2015 06:51:50 +0000 (08:51 +0200)
gui/baculum/examples/selinux/baculum.pp		patch \| blob \| history
gui/baculum/examples/selinux/baculum.te		patch \| blob \| history