author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-08-30 22:15:48 +0200 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-08-30 22:15:48 +0200 |
commit | 02fa620d3ded0f4b2eeca78cb7c6bb13542c19af (patch) | |
tree | f568646ef4003c4d3e47fe47b9b10c419f79998f | |
parent | Allow salt minions to shut down the system (diff) | |
Updates on salt policy - interaction with postfix
-rw-r--r-- | policy/modules/contrib/salt.te | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
index 180305f06..279edfba5 100644
--- a/policy/modules/contrib/salt.te
+++ b/policy/modules/contrib/salt.te
@@ -200,7 +200,7 @@ tunable_policy(`salt_master_read_nfs',`
 allow salt_minion_t self:capability { fsetid chown net_admin sys_admin sys_tty_config };
 allow salt_minion_t self:capability2 block_suspend;
-allow salt_minion_t self:process { signull };
+allow salt_minion_t self:process { signal signull };
 allow salt_minion_t self:tcp_socket create_stream_socket_perms;
 allow salt_minion_t self:udp_socket create_socket_perms;
 allow salt_minion_t self:unix_dgram_socket create_socket_perms;
@@ -277,8 +277,12 @@ fs_getattr_all_fs(salt_minion_t)
 getty_use_fds(salt_minion_t)
+init_exec_rc(salt_minion_t)
+
 miscfiles_read_localization(salt_minion_t)
+seutil_domtrans_setfiles(salt_minion_t)
+
 sysnet_exec_ifconfig(salt_minion_t)
 sysnet_read_config(salt_minion_t)
@@ -298,6 +302,11 @@ optional_policy(`
 ')
 optional_policy(`
+ postfix_domtrans_master(salt_minion_t)
+ postfix_run_map(salt_minion_t, salt_minion_roles)
+')
+
+optional_policy(`
 shutdown_domtrans(salt_minion_t)
 ') |
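Review bot: `init_exec_rc(salt_minion_t)` and `seutil_domtrans_setfiles(salt_minion_t)` in the second hunk are granted unconditionally and without a comment, although both widen what a remotely driven management agent may do. Going by the interface name, `init_exec_rc` executes rc in the caller's domain rather than transitioning, so anything rc starts for which salt_minion_t has no domain transition would presumably keep running as salt_minion_t, which already holds `sys_admin` and `net_admin` (first hunk); the `postfix_domtrans_master` grant in the last hunk looks like the per-service consequence of that choice. `seutil_domtrans_setfiles` additionally gives the minion a path into the file relabeling domain. I would document both above the calls, e.g. `# rc runs in salt_minion_t: each managed service needs its own domtrans` and `# setfiles: restore contexts on files the minion manages`, and consider gating the setfiles transition behind a tunable, as this file already does with `salt_master_read_nfs`.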