author | Adam Tkac <adam.tkac@gooddata.com> | 2016-06-21 15:08:33 +0200 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2016-07-03 13:32:26 +0200 |
commit | 9771f955615ba799aa321147a1730dda60e99a00 (patch) | |
tree | 9bf80942cc3870d90277b82b20ef52034516def5 | |
parent | Module version bump for changes to the varnishd module by Adam Tkac (diff) | |
Grant certmonger "chown" capability
After autorenewal of the certificate, "chown" capability is needed
to change certificate user/group to daemon's user/group.
-rw-r--r-- | policy/modules/contrib/certmonger.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/contrib/certmonger.te b/policy/modules/contrib/certmonger.te index 7c3126ea2..034ffa3b4 100644 --- a/policy/modules/contrib/certmonger.te +++ b/policy/modules/contrib/certmonger.te @@ -23,7 +23,7 @@ files_pid_file(certmonger_var_run_t) # Local policy # -allow certmonger_t self:capability { dac_override dac_read_search setgid setuid kill sys_nice }; +allow certmonger_t self:capability { chown dac_override dac_read_search setgid setuid kill sys_nice }; dontaudit certmonger_t self:capability sys_tty_config; allow certmonger_t self:capability2 block_suspend; allow certmonger_t self:process { getsched setsched sigkill signal }; |
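Review bot: The new `chown` in `allow certmonger_t self:capability { chown dac_override dac_read_search ... }` is granted domain-wide with no comment. With `dac_override` and `dac_read_search` already in the same set, the capability check itself no longer narrows which files the daemon can re-own; only the file-type rules elsewhere in certmonger.te do. Those rules are not part of this hunk, so please confirm that the types on which certmonger_t holds setattr are limited to the certificate and key files the commit message refers to, and add a one-line comment above the rule stating that chown is needed to hand renewed certificates to the daemon's user/group. If an AVC denial prompted the change, quoting it in the commit message would make the need verifiable.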