From: thomas@chaschperli.ch (Thomas Mueller) Date: Thu, 25 May 2017 12:23:08 +0200 Subject: [refpolicy] [PATCH] Grant zabbix_agent_t to call setrlimit on self Message-ID: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Zabbix Agent wants to disable core dumps on its process or it refuses to start. See zabbix bug ZBX-10542 --- zabbix.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zabbix.te b/zabbix.te index 3f45497..e71fa3f 100644 --- a/zabbix.te +++ b/zabbix.te @@ -133,7 +133,7 @@ optional_policy(` # allow zabbix_agent_t self:capability { setgid setuid }; -allow zabbix_agent_t self:process { setsched getsched signal }; +allow zabbix_agent_t self:process { setsched getsched signal setrlimit }; allow zabbix_agent_t self:fifo_file rw_fifo_file_perms; allow zabbix_agent_t self:sem create_sem_perms; allow zabbix_agent_t self:shm create_shm_perms; -- 2.9.4
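Review bot: on the changed `allow zabbix_agent_t self:process { ... }` line, `setrlimit` is granted with nothing recording why beyond the pointer to ZBX-10542 in the commit message. Quoting the AVC denial there would show that this permission alone is what the agent needs at startup. Note also that the SELinux `process` class permission `setrlimit` is not scoped to a particular resource, so the rule lets the agent domain change any of its own limits, not only the core dump size the description mentions. That is reasonable for a `self` rule, but a short comment in zabbix.te next to the rule stating that it exists so the agent can disable core dumps would keep the intent clear for later audits of this domain.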