|
|
0b8841 |
diff --git a/certmonger.te b/certmonger.te
|
|
|
0b8841 |
index 0585431e14..26d4e132ce 100644
|
|
|
0b8841 |
--- a/certmonger.te
|
|
|
0b8841 |
+++ b/certmonger.te
|
|
|
0b8841 |
@@ -136,6 +136,10 @@ optional_policy(`
|
|
|
0b8841 |
kerberos_filetrans_named_content(certmonger_t)
|
|
|
0b8841 |
')
|
|
|
0b8841 |
|
|
|
0b8841 |
+optional_policy(`
|
|
|
0b8841 |
+ mta_send_mail(certmonger_t)
|
|
|
0b8841 |
+')
|
|
|
0b8841 |
+
|
|
|
0b8841 |
optional_policy(`
|
|
|
0b8841 |
pcscd_read_pid_files(certmonger_t)
|
|
|
0b8841 |
pcscd_stream_connect(certmonger_t)
|
|
|
9921ee |
diff --git a/snapper.te b/snapper.te
|
|
|
9921ee |
index faf4fc9fca..fda6e0b289 100644
|
|
|
9921ee |
--- a/snapper.te
|
|
|
9921ee |
+++ b/snapper.te
|
|
|
9921ee |
@@ -22,6 +22,8 @@ files_type(snapperd_data_t)
|
|
|
9921ee |
#
|
|
|
9921ee |
# snapperd local policy
|
|
|
9921ee |
#
|
|
|
9921ee |
+allow snapperd_t self:capability { dac_read_search fowner sys_admin };
|
|
|
9921ee |
+allow snapperd_t self:process setsched;
|
|
|
9921ee |
|
|
|
9921ee |
allow snapperd_t self:fifo_file rw_fifo_file_perms;
|
|
|
9921ee |
allow snapperd_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
9921ee |
@@ -36,8 +38,12 @@ manage_lnk_files_pattern(snapperd_t, snapperd_conf_t, snapperd_conf_t)
|
|
|
9921ee |
manage_files_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)
|
|
|
9921ee |
manage_dirs_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)
|
|
|
9921ee |
manage_lnk_files_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)
|
|
|
9921ee |
+allow snapperd_t snapperd_data_t:file relabelfrom;
|
|
|
9921ee |
+allow snapperd_t snapperd_data_t:dir { relabelfrom relabelto mounton };
|
|
|
9921ee |
snapper_filetrans_named_content(snapperd_t)
|
|
|
9921ee |
|
|
|
9921ee |
+kernel_setsched(snapperd_t)
|
|
|
9921ee |
+
|
|
|
9921ee |
domain_read_all_domains_state(snapperd_t)
|
|
|
9921ee |
|
|
|
9921ee |
corecmd_exec_shell(snapperd_t)
|
|
|
9921ee |
@@ -51,6 +57,8 @@ files_read_all_files(snapperd_t)
|
|
|
9921ee |
files_list_all(snapperd_t)
|
|
|
9921ee |
|
|
|
9921ee |
fs_getattr_all_fs(snapperd_t)
|
|
|
9921ee |
+fs_mount_xattr_fs(snapperd_t)
|
|
|
9921ee |
+fs_unmount_xattr_fs(snapperd_t)
|
|
|
9921ee |
|
|
|
9921ee |
storage_raw_read_fixed_disk(snapperd_t)
|
|
|
9921ee |
|