From: Marcin Haba <marcin.haba@bacula.pl>
Date: Wed, 8 Jul 2015 16:46:20 +0000 (+0200)
Subject: baculum: Add audit_write SELinux capability to baculum.pp module
X-Git-Tag: Release-7.2.0~31
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d5590d10227dc83e7545737b8c02f6bf0e41a334;p=bacula%2Fbacula

baculum: Add audit_write SELinux capability to baculum.pp module
---

diff --git a/gui/baculum/examples/selinux/baculum.pp b/gui/baculum/examples/selinux/baculum.pp
index b68145ea84..98d24d6dd2 100644
Binary files a/gui/baculum/examples/selinux/baculum.pp and b/gui/baculum/examples/selinux/baculum.pp differ
diff --git a/gui/baculum/examples/selinux/baculum.te b/gui/baculum/examples/selinux/baculum.te
index 131b560f37..f7394481e8 100644
--- a/gui/baculum/examples/selinux/baculum.te
+++ b/gui/baculum/examples/selinux/baculum.te
@@ -12,6 +12,7 @@ require {
 	class dir { search read write create getattr };
 	class file { read write create getattr open execute };
 	class netlink_audit_socket { write nlmsg_relay create read };
+	class capability { audit_write };
 }
 
 #============= httpd_t ==============
@@ -27,3 +28,4 @@ allow httpd_t sudo_exec_t:file { read execute open };
 allow httpd_t httpd_cache_t:dir { read create };
 allow httpd_t httpd_cache_t:file { read write create };
 allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read };
+allow httpd_t self:capability { audit_write };