Allow unlinking sockets on shutdown

tags/zabbix-3.4.11-0.beta2
Daniel Berteaud 7 years ago
parent 9407d9a8e8
commit aeeac615d3
  1. 6
      zabbix-proxy.te
  2. 6
      zabbix-server.te

@ -1,4 +1,4 @@
module zabbix-proxy 1.3;
module zabbix-proxy 1.4;
require {
type var_lib_t;
@ -12,7 +12,7 @@ require {
class sem { unix_read unix_write associate destroy };
class shm { unix_read unix_write associate destroy };
class tcp_socket { create getattr accept shutdown read };
class sock_file { create write };
class sock_file { create write unlink };
class netlink_route_socket { create bind };
class process setrlimit;
class unix_stream_socket connectto;
@ -26,5 +26,5 @@ allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy };
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read };
allow unlabeled_t self:netlink_route_socket { create bind };
allow zabbix_t self:process setrlimit;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };
allow zabbix_t self:unix_stream_socket connectto;
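Review bot: The rule `allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };` grants `write` as well as `unlink`, but the commit title only mentions unlinking on shutdown; the same applies to the matching rule in zabbix-server.te. A comment above the rule would record why each permission is needed, for example `# write: presumably needed to connect to the socket; unlink: remove it on shutdown`, so that a later audit of the module can tell that `write` was intended. Removing a socket file also needs `remove_name` (with `write` and `search`) on the containing `zabbix_var_run_t` directory, and no `zabbix_var_run_t:dir` rule is visible in either file's hunks. Since `create` already worked, `add_name` is probably granted elsewhere, but it is worth confirming that `remove_name` is too, or the unlink will still be denied and logged as an AVC. The rule list may continue outside the hunk.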

@ -1,4 +1,4 @@
module zabbix-server 1.3;
module zabbix-server 1.4;
require {
type devlog_t;
@ -12,7 +12,7 @@ require {
class capability { sys_resource audit_write };
class file { execute read create ioctl execute_no_trans write getattr unlink open };
class netlink_audit_socket { nlmsg_relay create };
class sock_file { create write};
class sock_file { create write unlink };
class unix_dgram_socket { create connect sendto };
class dir { write remove_name add_name };
class key write;
@ -31,4 +31,4 @@ allow zabbix_t syslogd_t:unix_dgram_socket sendto;
allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };
