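diff --git a/glusterd.te b/glusterd.te
index 48811e2..d2a1ba9 100644
--- a/glusterd.te
+++ b/glusterd.te
@@ -59,7 +59,7 @@ files_type(glusterd_brick_t)
 # Local policy
 #
 
-allow glusterd_t self:capability { sys_admin sys_resource sys_ptrace dac_override chown dac_read_search fowner fsetid kill setgid setuid net_admin mknod net_raw };
+allow glusterd_t self:capability { sys_admin sys_resource sys_ptrace dac_override chown dac_read_search fowner fsetid ipc_lock kill setgid setuid net_admin mknod net_raw };
 
 allow glusterd_t self:capability2 block_suspend;
 allow glusterd_t self:process { getcap setcap setrlimit signal_perms setsched getsched setfscreate};
@@ -155,6 +155,7 @@ corenet_tcp_connect_all_ports(glusterd_t)
 dev_read_sysfs(glusterd_t)
 dev_read_urand(glusterd_t)
 dev_read_rand(glusterd_t)
+dev_rw_infiniband_dev(glusterd_t)
 
 domain_read_all_domains_state(glusterd_t)
 domain_getattr_all_sockets(glusterd_t)
@@ -164,6 +165,7 @@ domain_use_interactive_fds(glusterd_t)
 fs_mount_all_fs(glusterd_t)
 fs_unmount_all_fs(glusterd_t)
 fs_getattr_all_fs(glusterd_t)
+fs_getattr_all_dirs(glusterd_t)
 
 files_mounton_non_security(glusterd_t)
 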
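Review bot: The new `ipc_lock` capability and `dev_rw_infiniband_dev(glusterd_t)` are granted unconditionally and without a comment, on a domain whose capability set already includes `sys_admin`, `sys_ptrace` and `dac_override`. The two additions look related (presumably locked memory and device access for an RDMA transport, which is an inference from the names), but nothing in the hunks says so, so a later audit cannot tell whether either can be dropped on hosts that have no InfiniBand hardware. I would add a comment above both lines, for example `# RDMA transport: locked memory (ipc_lock) and /dev/infiniband access`. The third hunk's `fs_getattr_all_dirs(glusterd_t)` is broad in the same way and should carry the denial or bug reference that motivated it.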
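diff --git a/rhcs.te b/rhcs.te
index ce1ca24..4c9f2b6 100644
--- a/rhcs.te
+++ b/rhcs.te
@@ -275,6 +275,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+ fprintd_dbus_chat(cluster_t)
+')
+
+optional_policy(`
 ldap_systemctl(cluster_t)
 ')
 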
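Review bot: `fprintd_dbus_chat(cluster_t)` lets the cluster domain exchange D-Bus messages with the fingerprint daemon, and the hunk gives no reason for it. Rules like this usually come from a PAM stack being reached by something running in the domain (an inference; the page does not show the denial). If that is the case here, say so in a comment such as `# PAM (pam_fprintd) is reached from cluster_t; see <bug reference>`, so a reviewer can judge whether the access is functionally needed or only needs to stop being logged. The enclosing policy section begins before the hunk, so the other rules for cluster_t are not visible here.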