Changeset: 60da807f6d86 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/60da807f6d86
Modified Files:
misc/selinux/monetdb.te
Branch: Aug2024
Log Message:
Allow setopt and getattr on UNIX domain sockets.
diffs (21 lines):
diff --git a/misc/selinux/monetdb.te b/misc/selinux/monetdb.te
--- a/misc/selinux/monetdb.te
+++ b/misc/selinux/monetdb.te
@@ -32,7 +32,7 @@ require {
class tcp_socket create_stream_socket_perms;
class udp_socket create_stream_socket_perms;
class unix_dgram_socket create_socket_perms;
- class unix_stream_socket { connectto create_stream_socket_perms getopt
read shutdown write };
+ class unix_stream_socket { connectto create_stream_socket_perms getattr
getopt read shutdown write setopt };
}
# First, we declare the monetdbd_t domain, used for the "monetdbd"
@@ -141,7 +141,7 @@ manage_sock_files_pattern(mserver5_t, tm
allow mserver5_t tmp_t:file create;
manage_sock_files_pattern(mserver5_t, mserver5_db_t, mserver5_db_t)
allow mserver5_t monetdbd_t:fifo_file { read write getattr ioctl };
-allow mserver5_t monetdbd_t:unix_stream_socket { read write getopt shutdown };
+allow mserver5_t monetdbd_t:unix_stream_socket { read write getattr getopt
setopt shutdown };
allow mserver5_t var_t:dir { read };
allow mserver5_t var_lib_t:dir { read };
# we want to be able to read some cgroup files
_______________________________________________
checkin-list mailing list -- checkin-list@monetdb.org
To unsubscribe send an email to checkin-list-le...@monetdb.org
