From: thomas@chaschperli.ch (Thomas Mueller) Date: Thu, 25 May 2017 12:53:07 +0200 Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call setrlimit on self In-Reply-To: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch> References: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch> Message-ID: <43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Zabbix Agent wants to disable core dumps on its process or it refuses to start. See zabbix bug ZBX-10542 --- zabbix.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/zabbix.te b/zabbix.te index 3f45497..5d57a2a 100644 --- a/zabbix.te +++ b/zabbix.te @@ -1,4 +1,4 @@ -policy_module(zabbix, 1.10.1) +policy_module(zabbix, 1.10.2) ######################################## # @@ -133,7 +133,7 @@ optional_policy(` # allow zabbix_agent_t self:capability { setgid setuid }; -allow zabbix_agent_t self:process { setsched getsched signal }; +allow zabbix_agent_t self:process { setsched getsched signal setrlimit }; allow zabbix_agent_t self:fifo_file rw_fifo_file_perms; allow zabbix_agent_t self:sem create_sem_perms; allow zabbix_agent_t self:shm create_shm_perms; -- 2.9.4