From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 19 Feb 2017 16:35:44 -0500 Subject: [refpolicy] [PATCH] base monit policy In-Reply-To: <201702192107.50397.russell@coker.com.au> References: <20170216093250.4iedsx44safh2qxa@athena.coker.com.au> <19d23b60-f510-25a5-e80e-99a3c7517695@ieee.org> <201702192107.50397.russell@coker.com.au> Message-ID: <66399dbf-0588-230a-fbc5-7af3351d6906@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/19/17 05:07, Russell Coker wrote: > On Sun, 19 Feb 2017 12:17:29 AM Chris PeBenito wrote: >> On 02/16/17 04:32, Russell Coker via refpolicy wrote: >>> Here is a patch for the monit policy without the monit_interactive_t >>> domain. This should be a minimally functional monit policy and we can >>> then build on it with the monit_interactive_t domain (or maybe a >>> different way of achieving the same goal). >>> >>> >>> From: cgzones >>> Date: Fri, 25 Nov 2016 22:53:35 +0100 >>> Subject: add monit module >>> >>> --- >>> >>> + >>> + init_get_all_units_status(monit_t) >>> + init_get_system_status(monit_t) >>> + init_start_all_units(monit_t) >>> + init_stop_all_units(monit_t) >>> + init_stream_connect(monit_t) >>> + ') >>> +') >> >> This patch looks ok, except for this part. Using the attribute like >> this isn't acceptable. Also, if systemd isn't enabled, this is an empty >> block, so the ifdef should be on the outside and tunable_policy nested >> inside. > > OK, I've attached a new version that fixes this. Merged, though I made a few trivial changes. -- Chris PeBenito