|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(atop, 0.1.11)
|
|
|
+policy_module(atop, 0.1.12)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
|
@@ -30,13 +30,12 @@ files_type(atop_var_cache_t)
|
|
|
#
|
|
|
|
|
|
allow atop_t atop_exec_t:file execute_no_trans;
|
|
|
-allow atop_t self:capability { setuid sys_nice sys_resource ipc_lock sys_pacct dac_override };
|
|
|
-allow atop_t self:process { setsched sigkill setrlimit };
|
|
|
+allow atop_t self:capability { setuid sys_nice sys_resource ipc_lock sys_pacct dac_override net_raw sys_ptrace };
|
|
|
+allow atop_t self:process { setsched sigkill setrlimit setpgid };
|
|
|
allow atop_t self:sem { write read create unix_write unix_read };
|
|
|
allow atop_t self:udp_socket { create ioctl };
|
|
|
allow atop_t self:sem associate;
|
|
|
-allow atop_t self:capability sys_ptrace;
|
|
|
-allow atop_t self:rawip_socket create;
|
|
|
+allow atop_t self:rawip_socket { create getopt };
|
|
|
|
|
|
manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
|
append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
|
|
|
@@ -61,7 +60,7 @@ optional_policy(`
|
|
|
gen_require(`
|
|
|
type initrc_t;
|
|
|
')
|
|
|
- allow atop_t initrc_t:sem associate;
|
|
|
+ allow atop_t initrc_t:sem { read unix_write write associate };
|
|
|
')
|
|
|
|
|
|
userdom_getattr_user_home_dirs(atop_t)
|
|
|
@@ -85,3 +84,5 @@ miscfiles_read_localization(atop_t)
|
|
|
dev_getattr_lvm_control(atop_t)
|
|
|
|
|
|
cron_system_entry(atop_t, atop_exec_t)
|
|
|
+
|
|
|
+init_read_utmp(atop_t)
|
