diff options
| author |   Thomas Mueller <thomas@chaschperli.ch> | 2016-06-09 13:14:05 +0200 |
|---|---|---|
| committer |   Sven Vermeulen <swift@gentoo.org> | 2016-07-03 13:32:17 +0200 |
| commit | 82c3d44842260d9dc33d3ef3e813220d798e09a1 (patch) | |
| tree | b28a6407177369f52e08007af047cbfc8afa82af | |
| parent | Merge upstrean (master) (diff) | |
| download | hardened-refpolicy-82c3d448.tar.gz hardened-refpolicy-82c3d448.tar.bz2 hardened-refpolicy-82c3d448.zip | |
Allow puppet_t transtition to shorewall_t
If puppet executes /sbin/shorewall it won't transition to
shorewall_t and create log files with puppet_log_t context
instead of shorewall_log_t. If service is then managed by
init (sysv/systemd) it will fail to start.
If puppet_t is allowed to transtition to shorewall_t the
logfile will get the correct shorewall_log_t type.
| -rw-r--r-- | policy/modules/contrib/puppet.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te index 5fd4c8b99..adda09f83 100644 --- a/policy/modules/contrib/puppet.te +++ b/policy/modules/contrib/puppet.te @@ -200,6 +200,10 @@ optional_policy(` usermanage_domtrans_useradd(puppet_t) ') +optional_policy(` + shorewall_domtrans(puppet_t) +') + ######################################## # # Ca local policy |