From e7d4e4e905b912b7f03eb1956259cd1a25083c92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 26 May 2023 15:13:19 +0200
Subject: [PATCH] Collectd: add one more selinux permission
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 .../base/files/selinux/fi-collectd.mod        | Bin 4097 -> 4112 bytes
 .../base/files/selinux/fi-collectd.pp         | Bin 4113 -> 4128 bytes
 .../base/files/selinux/fi-collectd.te         |   6 +++---
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/collectd/base/files/selinux/fi-collectd.mod b/roles/collectd/base/files/selinux/fi-collectd.mod
index 596ce3bdf579ae1ba866f9f8210b5cc8ad33ba61..e349334f388077a2a84b3c0e47e96686d248957f 100644
GIT binary patch
delta 68
zcmZovn4mDhnaRjuaw4nn<O#ei8)F!mSeY3Z7?>v~F`4tTgIGYEo?4PvQc|>eCX+ZP
VBm3r!-1>}@H}LRme#0Zm3;-cE5NQAa

delta 74
zcmbQB(5NuMnaR*$av-np#t2p>Rwf1p2ByhLOy-+cFo|<AGJ_;0e_-O-e4kr@5y%x}
b7M{${>oM7$hi7sOuk+*tUe?X?c?+2UqY4sS

diff --git a/roles/collectd/base/files/selinux/fi-collectd.pp b/roles/collectd/base/files/selinux/fi-collectd.pp
index c1fbadb19929533778e8db6d70c150b757391af2..72f1e69abff402443075a1dc21cabee933ff1b12 100644
GIT binary patch
delta 68
zcmbQJus~r#Fq4tP<U&^A$qRT{Hs&xgu`)9-FfdOpVlwAv2eE)SJ+&mUq@-x`N+xkm
VM)u7Ix%C+*AK>BH{D()B82~)?5g7mg

delta 73
zcmZ3WFi~MbFq5If<V0TKjTx*=tV|3H3`~=Yn9MitU=rtKWClr0V&>WWo?Czs$Wvq%
ao-EJnG1;GoXL1g&^W*|v*3IjA3z-0&juKn|

diff --git a/roles/collectd/base/files/selinux/fi-collectd.te b/roles/collectd/base/files/selinux/fi-collectd.te
index 94846dc864..630d7fa6e4 100644
--- a/roles/collectd/base/files/selinux/fi-collectd.te
+++ b/roles/collectd/base/files/selinux/fi-collectd.te
@@ -1,4 +1,4 @@
-module fi-collectd 1.11.1;
+module fi-collectd 1.11.2;
 
 require {
     type shell_exec_t;
@@ -22,7 +22,7 @@ require {
     class lnk_file read;
     class sock_file { read write getattr };
     class unix_stream_socket connectto;
-    class netlink_generic_socket { create bind };
+    class netlink_generic_socket { create bind getattr };
 }
 
 #============= collectd_t ==============
@@ -41,4 +41,4 @@ allow collectd_t var_run_t:sock_file { read write getattr };
 allow collectd_t anon_inodefs_t:file { write read };
 allow collectd_t initrc_t:unix_stream_socket connectto;
 allow collectd_t proc_net_t:lnk_file read;
-allow collectd_t self:netlink_generic_socket { create bind };
+allow collectd_t self:netlink_generic_socket { create bind getattr };