From: thomas@chaschperli.ch (Thomas Mueller)
Date: Thu, 25 May 2017 12:23:08 +0200
Subject: [refpolicy] [PATCH] Grant zabbix_agent_t to call setrlimit on self
Message-ID: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Zabbix Agent wants to disable core dumps on its process
or it refuses to start.

See zabbix bug ZBX-10542
---
 zabbix.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zabbix.te b/zabbix.te
index 3f45497..e71fa3f 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -133,7 +133,7 @@ optional_policy(`
 #

 allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
 allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
 allow zabbix_agent_t self:sem create_sem_perms;
 allow zabbix_agent_t self:shm create_shm_perms;
-- 
2.9.4