From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 25 May 2017 20:57:41 -0400
Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call
 setrlimit on self
In-Reply-To: <43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch>
References: <4fd92936-ab60-a4f1-c076-03f70a0a9e8f@chaschperli.ch>
	<43a45373-4bdb-74ef-6935-e8c199553084@chaschperli.ch>
Message-ID: <b198f32f-5d31-e0ec-783c-e5c9220dcdd4@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/25/2017 06:53 AM, Thomas Mueller via refpolicy wrote:
> Zabbix Agent wants to disable core dumps on its process
> or it refuses to start.
>
> See zabbix bug ZBX-10542
> ---
>  zabbix.te | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/zabbix.te b/zabbix.te
> index 3f45497..5d57a2a 100644
> --- a/zabbix.te
> +++ b/zabbix.te
> @@ -1,4 +1,4 @@
> -policy_module(zabbix, 1.10.1)
> +policy_module(zabbix, 1.10.2)
>
>  ########################################
>  #
> @@ -133,7 +133,7 @@ optional_policy(`
>  #
>
>  allow zabbix_agent_t self:capability { setgid setuid };
> -allow zabbix_agent_t self:process { setsched getsched signal };
> +allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
>  allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
>  allow zabbix_agent_t self:sem create_sem_perms;
>  allow zabbix_agent_t self:shm create_shm_perms;

Merged.  In the future please do not increment the module version.

-- 
Chris PeBenito