| 1 |
commit: 9771f955615ba799aa321147a1730dda60e99a00 |
| 2 |
Author: Adam Tkac <adam.tkac <AT> gooddata <DOT> com> |
| 3 |
AuthorDate: Tue Jun 21 13:08:33 2016 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jul 3 11:32:26 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9771f955 |
| 7 |
|
| 8 |
Grant certmonger "chown" capability |
| 9 |
|
| 10 |
After autorenewal of the certificate, "chown" capability is needed |
| 11 |
to change certificate user/group to daemon's user/group. |
| 12 |
|
| 13 |
policy/modules/contrib/certmonger.te | 2 +- |
| 14 |
1 file changed, 1 insertion(+), 1 deletion(-) |
| 15 |
|
| 16 |
diff --git a/policy/modules/contrib/certmonger.te b/policy/modules/contrib/certmonger.te |
| 17 |
index 7c3126e..034ffa3 100644 |
| 18 |
--- a/policy/modules/contrib/certmonger.te |
| 19 |
+++ b/policy/modules/contrib/certmonger.te |
| 20 |
@@ -23,7 +23,7 @@ files_pid_file(certmonger_var_run_t) |
| 21 |
# Local policy |
| 22 |
# |
| 23 |
|
| 24 |
-allow certmonger_t self:capability { dac_override dac_read_search setgid setuid kill sys_nice }; |
| 25 |
+allow certmonger_t self:capability { chown dac_override dac_read_search setgid setuid kill sys_nice }; |
| 26 |
dontaudit certmonger_t self:capability sys_tty_config; |
| 27 |
allow certmonger_t self:capability2 block_suspend; |
| 28 |
allow certmonger_t self:process { getsched setsched sigkill signal }; |
Archives