LinuxLists.cc - [PATCH] minor updates redis module to be able to start the app

2019-01-30 13:22:41

Subject: [PATCH] minor updates redis module to be able to start the app

Signed-off-by: Alexander Miroshnichenko <[email protected]>
---
policy/modules/services/redis.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/redis.te b/policy/modules/services/redis.te
index afb5ba870b71..0878fb8fca15 100644
--- a/policy/modules/services/redis.te
+++ b/policy/modules/services/redis.te
@@ -29,7 +29,7 @@ files_config_file(redis_conf_t)
# Local policy
#

-allow redis_t self:process { setrlimit signal_perms };
+allow redis_t self:process { setrlimit signal_perms getsched };
allow redis_t self:fifo_file rw_fifo_file_perms;
allow redis_t self:unix_stream_socket create_stream_socket_perms;
allow redis_t self:tcp_socket create_stream_socket_perms;
@@ -41,6 +41,7 @@ manage_files_pattern(redis_t, redis_log_t, redis_log_t)
manage_lnk_files_pattern(redis_t, redis_log_t, redis_log_t)
logging_log_filetrans(redis_t, redis_log_t, dir)

+files_search_var_lib(redis_t)
manage_dirs_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)
manage_files_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)
manage_lnk_files_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)
--
2.19.2

2019-01-30 23:56:52

by Chris PeBenito

[permalink] [raw]

Subject: Re: [PATCH] minor updates redis module to be able to start the app

On 1/30/19 8:21 AM, Alexander Miroshnichenko wrote:
> Signed-off-by: Alexander Miroshnichenko <[email protected]>
> ---
> policy/modules/services/redis.te | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/policy/modules/services/redis.te b/policy/modules/services/redis.te
> index afb5ba870b71..0878fb8fca15 100644
> --- a/policy/modules/services/redis.te
> +++ b/policy/modules/services/redis.te
> @@ -29,7 +29,7 @@ files_config_file(redis_conf_t)
> # Local policy
> #
>
> -allow redis_t self:process { setrlimit signal_perms };
> +allow redis_t self:process { setrlimit signal_perms getsched };
> allow redis_t self:fifo_file rw_fifo_file_perms;
> allow redis_t self:unix_stream_socket create_stream_socket_perms;
> allow redis_t self:tcp_socket create_stream_socket_perms;
> @@ -41,6 +41,7 @@ manage_files_pattern(redis_t, redis_log_t, redis_log_t)
> manage_lnk_files_pattern(redis_t, redis_log_t, redis_log_t)
> logging_log_filetrans(redis_t, redis_log_t, dir)
>
> +files_search_var_lib(redis_t)
> manage_dirs_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)
> manage_files_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)
> manage_lnk_files_pattern(redis_t, redis_var_lib_t, redis_var_lib_t)

Merged.

--
Chris PeBenito