From: Marcin Haba Date: Sat, 28 Nov 2015 16:03:00 +0000 (+0100) Subject: baculum: Update SELinux policy module X-Git-Tag: Release-7.4.0~156 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9a2a23e0eb83f4273b2b5c8a32f55af8a6230934;p=bacula%2Fbacula baculum: Update SELinux policy module --- diff --git a/gui/baculum/examples/selinux/baculum.pp b/gui/baculum/examples/selinux/baculum.pp index 98d24d6dd2..9c145b1ecb 100644 Binary files a/gui/baculum/examples/selinux/baculum.pp and b/gui/baculum/examples/selinux/baculum.pp differ diff --git a/gui/baculum/examples/selinux/baculum.te b/gui/baculum/examples/selinux/baculum.te index f7394481e8..907d6606cf 100644 --- a/gui/baculum/examples/selinux/baculum.te +++ b/gui/baculum/examples/selinux/baculum.te @@ -6,13 +6,14 @@ require { type httpd_t; type bacula_etc_t; type unreserved_port_t; + type hplip_port_t; type sudo_exec_t; type httpd_cache_t; class tcp_socket { name_bind name_connect }; class dir { search read write create getattr }; class file { read write create getattr open execute }; class netlink_audit_socket { write nlmsg_relay create read }; - class capability { audit_write }; + class capability { audit_write sys_resource }; } #============= httpd_t ============== @@ -21,6 +22,7 @@ allow httpd_t mysqld_port_t:tcp_socket name_connect; allow httpd_t postgresql_port_t:tcp_socket name_connect; allow httpd_t unreserved_port_t:tcp_socket name_bind; allow httpd_t unreserved_port_t:tcp_socket name_connect; +allow httpd_t hplip_port_t:tcp_socket name_connect; allow httpd_t bacula_etc_t:dir search; allow httpd_t bacula_etc_t:file getattr; allow httpd_t bacula_etc_t:file { read open }; @@ -28,4 +30,4 @@ allow httpd_t sudo_exec_t:file { read execute open }; allow httpd_t httpd_cache_t:dir { read create }; allow httpd_t httpd_cache_t:file { read write create }; allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read }; -allow httpd_t self:capability { audit_write }; +allow httpd_t self:capability { audit_write sys_resource };