| 1 |
commit: 82c3d44842260d9dc33d3ef3e813220d798e09a1 |
| 2 |
Author: Thomas Mueller <thomas <AT> chaschperli <DOT> ch> |
| 3 |
AuthorDate: Thu Jun 9 11:14:05 2016 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jul 3 11:32:17 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=82c3d448 |
| 7 |
|
| 8 |
Allow puppet_t transtition to shorewall_t |
| 9 |
|
| 10 |
If puppet executes /sbin/shorewall it won't transition to |
| 11 |
shorewall_t and create log files with puppet_log_t context |
| 12 |
instead of shorewall_log_t. If service is then managed by |
| 13 |
init (sysv/systemd) it will fail to start. |
| 14 |
|
| 15 |
If puppet_t is allowed to transtition to shorewall_t the |
| 16 |
logfile will get the correct shorewall_log_t type. |
| 17 |
|
| 18 |
policy/modules/contrib/puppet.te | 4 ++++ |
| 19 |
1 file changed, 4 insertions(+) |
| 20 |
|
| 21 |
diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te |
| 22 |
index 5fd4c8b..adda09f 100644 |
| 23 |
--- a/policy/modules/contrib/puppet.te |
| 24 |
+++ b/policy/modules/contrib/puppet.te |
| 25 |
@@ -200,6 +200,10 @@ optional_policy(` |
| 26 |
usermanage_domtrans_useradd(puppet_t) |
| 27 |
') |
| 28 |
|
| 29 |
+optional_policy(` |
| 30 |
+ shorewall_domtrans(puppet_t) |
| 31 |
+') |
| 32 |
+ |
| 33 |
######################################## |
| 34 |
# |
| 35 |
# Ca local policy |
Archives