|
@@ -1,4 +1,4 @@
|
|
-policy_module(atop, 0.1.15)
|
|
|
|
|
|
+policy_module(atop, 0.1.17)
|
|
|
|
|
|
########################################
|
|
########################################
|
|
#
|
|
#
|
|
@@ -48,6 +48,8 @@ allow atop_t self:sem associate;
|
|
allow atop_t self:rawip_socket { create getopt };
|
|
allow atop_t self:rawip_socket { create getopt };
|
|
allow atop_t self:fifo_file { getattr ioctl read write };
|
|
allow atop_t self:fifo_file { getattr ioctl read write };
|
|
|
|
|
|
|
|
+allow atop_t atopacct_t:sem { associate read unix_write write };
|
|
|
|
+
|
|
manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
create_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
create_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
@@ -104,6 +106,7 @@ allow atopacct_t self:capability { net_admin sys_nice sys_pacct };
|
|
allow atopacct_t self:netlink_generic_socket { bind create read setopt write };
|
|
allow atopacct_t self:netlink_generic_socket { bind create read setopt write };
|
|
allow atopacct_t self:process { setsched signal };
|
|
allow atopacct_t self:process { setsched signal };
|
|
allow atopacct_t self:unix_dgram_socket { connect create write };
|
|
allow atopacct_t self:unix_dgram_socket { connect create write };
|
|
|
|
+allow atopacct_t self:sem { read unix_read };
|
|
|
|
|
|
manage_dirs_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)
|
|
manage_dirs_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)
|
|
manage_files_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)
|
|
manage_files_pattern(atopacct_t, atopacct_var_run_t, atopacct_var_run_t)
|