Browse Source

Allow unlinking sockets on shutdown

tags/zabbix-3.4.11-0.beta2
Daniel Berteaud 1 year ago
parent
commit
aeeac615d3
2 changed files with 6 additions and 6 deletions
  1. +3
    -3
      zabbix-proxy.te
  2. +3
    -3
      zabbix-server.te

+ 3
- 3
zabbix-proxy.te View File

@@ -1,4 +1,4 @@
module zabbix-proxy 1.3;
module zabbix-proxy 1.4;

require {
type var_lib_t;
@@ -12,7 +12,7 @@ require {
class sem { unix_read unix_write associate destroy };
class shm { unix_read unix_write associate destroy };
class tcp_socket { create getattr accept shutdown read };
class sock_file { create write };
class sock_file { create write unlink };
class netlink_route_socket { create bind };
class process setrlimit;
class unix_stream_socket connectto;
@@ -26,5 +26,5 @@ allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy };
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read };
allow unlabeled_t self:netlink_route_socket { create bind };
allow zabbix_t self:process setrlimit;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };
allow zabbix_t self:unix_stream_socket connectto;

+ 3
- 3
zabbix-server.te View File

@@ -1,4 +1,4 @@
module zabbix-server 1.3;
module zabbix-server 1.4;

require {
type devlog_t;
@@ -12,7 +12,7 @@ require {
class capability { sys_resource audit_write };
class file { execute read create ioctl execute_no_trans write getattr unlink open };
class netlink_audit_socket { nlmsg_relay create };
class sock_file { create write};
class sock_file { create write unlink };
class unix_dgram_socket { create connect sendto };
class dir { write remove_name add_name };
class key write;
@@ -31,4 +31,4 @@ allow zabbix_t syslogd_t:unix_dgram_socket sendto;
allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };

Loading…
Cancel
Save