From: thomas@chaschperli.ch (Thomas Mueller)
Date: Thu, 25 May 2017 12:53:07 +0200
Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call
	setrlimit on self
In-Reply-To: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch>
References: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch>
Message-ID: <43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Zabbix Agent wants to disable core dumps on its process
or it refuses to start.

See zabbix bug ZBX-10542
---
 zabbix.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zabbix.te b/zabbix.te
index 3f45497..5d57a2a 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.10.1)
+policy_module(zabbix, 1.10.2)

 ########################################
 #
@@ -133,7 +133,7 @@ optional_policy(`
 #

 allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
 allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
 allow zabbix_agent_t self:sem create_sem_perms;
 allow zabbix_agent_t self:shm create_shm_perms;
-- 
2.9.4