diff options
author | Thomas Mueller <thomas@chaschperli.ch> | 2016-06-09 13:14:05 +0200 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2016-07-03 13:32:17 +0200 |
commit | 82c3d44842260d9dc33d3ef3e813220d798e09a1 (patch) | |
tree | b28a6407177369f52e08007af047cbfc8afa82af | |
parent | Merge upstrean (master) (diff) | |
download | hardened-refpolicy-82c3d448.tar.gz hardened-refpolicy-82c3d448.tar.bz2 hardened-refpolicy-82c3d448.zip |
Allow puppet_t transtition to shorewall_t
If puppet executes /sbin/shorewall it won't transition to
shorewall_t and create log files with puppet_log_t context
instead of shorewall_log_t. If service is then managed by
init (sysv/systemd) it will fail to start.
If puppet_t is allowed to transtition to shorewall_t the
logfile will get the correct shorewall_log_t type.
-rw-r--r-- | policy/modules/contrib/puppet.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te index 5fd4c8b99..adda09f83 100644 --- a/policy/modules/contrib/puppet.te +++ b/policy/modules/contrib/puppet.te @@ -200,6 +200,10 @@ optional_policy(` usermanage_domtrans_useradd(puppet_t) ') +optional_policy(` + shorewall_domtrans(puppet_t) +') + ######################################## # # Ca local policy |