| Summary: | dev-python/carbon-1.1.5 missing collectd_port_t for port 2003 and 2004 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Philippe Trottier <tchiwam> |
| Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | treecleaner |
| Priority: | Normal | Keywords: | PMASKED |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | Workaround policies | | |

Description
Philippe Trottier
2019-02-01 01:18:36 UTC
Correction here, these belong to the carbon-aggregate -cache -relay init scripts, so I guess a better way to deal with it is to create a carbon_t, maybe a carbon_port_t. Or bag all of these under collectd? But collectd doesn't have a type either...

This is my lame beginning into the policy world.

policy_module(carbon, 1.1.5)

type carbon_t;
type carbon_exec_t;
init_daemon_domain(carbon_t, carbon_exec_t)

type carbon_initrc_exec_t;
init_script_file(carbon_initrc_exec_t)

allow carbon_t self:packet_socket create_socket_perms;
allow carbon_t self:rawip_socket create_socket_perms;
allow carbon_t self:unix_stream_socket { accept listen };

Created attachment 563400
Workaround policies
This is not a proper policy file but it works
audit2allow -i carbon-audit
edit and add header and types
setenforce 0
make -f /usr/share/selinux/strict/include/Makefile carbon.te all
semodule -i carbon.pp
setenforce 1
Working...
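
The workaround above loads whatever `audit2allow -i carbon-audit` generates, so it helps to see first which denials will become rules and which ports are being bound. The following is an added example, not code from the bug report or the attachment: the sample AVC lines are constructed, and the contexts in them (`initrc_t`, `unreserved_port_t`) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample denials (not from the bug report); contexts are assumed.
SAMPLE_LOG = """\
type=AVC msg=audit(1548983916.101:310): avc:  denied  { name_bind } for  pid=2101 comm="carbon-cache" src=2003 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1548983916.140:311): avc:  denied  { name_bind } for  pid=2101 comm="carbon-cache" src=2004 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1548983917.002:312): avc:  denied  { create } for  pid=2101 comm="carbon-cache" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=rawip_socket permissive=0
type=SYSCALL msg=audit(1548983917.002:312): arch=c000003e syscall=41 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*?)"
    r"\s*scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def summarize(log_text):
    """Group denials by (source type, target type, class), as audit2allow does."""
    rules = defaultdict(lambda: {"perms": set(), "ports": set(), "comms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other non-AVC records are skipped
        # The type is the third field of user:role:type[:level]
        src, tgt = (m[k].split(":")[2] for k in ("s", "t"))
        if src == tgt:
            tgt = "self"  # audit2allow writes same-type rules against self
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"]))
        entry = rules[(src, tgt, m["cls"])]
        entry["perms"].update(m["perms"].split())
        entry["comms"].add(fields.get("comm", "?").strip('"'))
        if "src" in fields and "name_bind" in m["perms"].split():
            entry["ports"].add(int(fields["src"]))  # local port being bound
    return rules

def render(rules):
    """One allow rule per group, annotated with the process and bound ports."""
    out = []
    for (src, tgt, cls), e in sorted(rules.items()):
        perms = " ".join(sorted(e["perms"]))
        line = f"allow {src} {tgt}:{cls} {{ {perms} }};  # comm={','.join(sorted(e['comms']))}"
        if e["ports"]:
            line += f" ports={sorted(e['ports'])}"
        out.append(line)
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE_LOG))))
```

A rule against a broad port type, as in the second output line, would let the source domain bind every port carrying that type, not only 2003 and 2004.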