From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 25 May 2017 20:57:41 -0400 Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call setrlimit on self In-Reply-To: <43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch> References: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch> <43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/25/2017 06:53 AM, Thomas Mueller via refpolicy wrote: > Zabbix Agent wants to disable core dumps on its process > or it refuses to start. > > See zabbix bug ZBX-10542 > --- > zabbix.te | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/zabbix.te b/zabbix.te > index 3f45497..5d57a2a 100644 > --- a/zabbix.te > +++ b/zabbix.te > @@ -1,4 +1,4 @@ > -policy_module(zabbix, 1.10.1) > +policy_module(zabbix, 1.10.2) > > ######################################## > # > @@ -133,7 +133,7 @@ optional_policy(` > # > > allow zabbix_agent_t self:capability { setgid setuid }; > -allow zabbix_agent_t self:process { setsched getsched signal }; > +allow zabbix_agent_t self:process { setsched getsched signal setrlimit }; > allow zabbix_agent_t self:fifo_file rw_fifo_file_perms; > allow zabbix_agent_t self:sem create_sem_perms; > allow zabbix_agent_t self:shm create_shm_perms; Merged. In the future please do not increment the module version. -- Chris PeBenito
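Review bot: the `setrlimit` addition in the second hunk (`@@ -133,7 +133,7 @@`, on the `allow zabbix_agent_t self:process` line) has no comment in zabbix.te saying why the agent needs it, so the reason (the agent disables core dumps on its own process or refuses to start, ZBX-10542) survives only in the commit message. Suggest a one-line comment above the rule, for example `# agent disables core dumps on itself at startup (ZBX-10542)`, so that a later audit of this domain's permissions can tie the grant to its purpose. The rule is scoped to `self`, which keeps the grant narrow, but the `setrlimit` permission is not specific to the core-dump limit; it is worth stating in the comment that core dumps are the only intended use.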