From: thomas@chaschperli.ch (Thomas Mueller)
Date: Mon, 13 Jun 2016 22:50:44 +0200
Subject: [refpolicy] [PATCH 1/1] Allow puppet_t transition to shorewall_t
Message-ID: <1465851044-23172-1-git-send-email-thomas@chaschperli.ch>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

If puppet executes /sbin/shorewall it won't transition to shorewall_t and create log files with puppet_log_t context instead of shorewall_log_t. If service is then managed by init (sysv/systemd) it will fail to start.

If puppet_t is allowed to transition to shorewall_t the logfile will get the correct shorewall_log_t type.

Also posted on github: https://github.com/TresysTechnology/refpolicy-contrib/pull/22

--- puppet.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/puppet.te b/puppet.te index 585f4ed..77171f6 100644 --- a/puppet.te +++ b/puppet.te @@ -200,6 +200,10 @@ optional_policy(` usermanage_domtrans_useradd(puppet_t) ') +optional_policy(` + shorewall_domtrans(puppet_t) +') + ######################################## # # Ca local policy -- 2.5.5
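
Review bot: The new optional_policy block is appended after the usermanage block, directly above the "Ca local policy" banner. If this file keeps its optional_policy blocks ordered by module name, the shorewall block belongs before the one calling usermanage_domtrans_useradd(puppet_t), not after it. Separately, the commit message justifies the change only by log file labelling, but shorewall_domtrans(puppet_t) moves the whole /sbin/shorewall run out of puppet_t and into shorewall_t. It would help to state in the message that shorewall_t's existing rules are expected to cover everything puppet invokes shorewall for, and to note that logs already created as puppet_log_t keep that label until they are relabelled, so the init-managed service can still fail on hosts where puppet ran shorewall before this change.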