Collectd: add one more selinux permission

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-03-20 12:07:34 +08:00 · 2023-05-26 15:13:19 +02:00
parent 45ad0573f3
commit e7d4e4e905
3 changed files with 3 additions and 3 deletions
--- a/roles/collectd/base/files/selinux/fi-collectd.mod
+++ b/roles/collectd/base/files/selinux/fi-collectd.mod
--- a/roles/collectd/base/files/selinux/fi-collectd.pp
+++ b/roles/collectd/base/files/selinux/fi-collectd.pp
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@@ -1,4 +1,4 @@
-module fi-collectd 1.11.1;
+module fi-collectd 1.11.2;

 require {
    type shell_exec_t;
@@ -22,7 +22,7 @@ require {
    class lnk_file read;
    class sock_file { read write getattr };
    class unix_stream_socket connectto;
-    class netlink_generic_socket { create bind };
+    class netlink_generic_socket { create bind getattr };
 }

 #============= collectd_t ==============
@@ -41,4 +41,4 @@ allow collectd_t var_run_t:sock_file { read write getattr };
 allow collectd_t anon_inodefs_t:file { write read };
 allow collectd_t initrc_t:unix_stream_socket connectto;
 allow collectd_t proc_net_t:lnk_file read;
-allow collectd_t self:netlink_generic_socket { create bind };
+allow collectd_t self:netlink_generic_socket { create bind getattr };