Ver código fonte

atop: update policy with missing permissions

Helmut Pozimski 7 anos atrás
pai
commit
12a3653f9f
1 arquivos alterados com 4 adições e 1 exclusões
  1. 4 1
      policy/modules/atop.te

+ 4 - 1
policy/modules/atop.te

@@ -1,4 +1,4 @@
-policy_module(atop, 0.1.15)
+policy_module(atop, 0.1.17)
 
 ########################################
 #
@@ -48,6 +48,8 @@ allow atop_t self:sem associate;
 allow atop_t self:rawip_socket { create getopt };
 allow atop_t self:fifo_file { getattr ioctl read write };
 
+allow atop_t atopacct_t:sem { associate read unix_write write };
+
 manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
 append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
 create_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
@@ -104,6 +106,7 @@ allow atopacct_t self:capability { net_admin sys_nice sys_pacct };
 allow atopacct_t self:netlink_generic_socket { bind create read setopt write };
 allow atopacct_t self:process { setsched signal };
 allow atopacct_t self:unix_dgram_socket { connect create write };
+allow atopacct_t self:sem { read unix_read };
 
 manage_dirs_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)
 manage_files_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)