LinuxLists.cc - [refpolicy] [PATCH] Grant zabbix_agent

2017-05-25 10:23:08

Subject: [refpolicy] [PATCH] Grant zabbix_agent_t to call setrlimit on self

Zabbix Agent wants to disable core dumps on its process
or it refuses to start.

See zabbix bug ZBX-10542
---
zabbix.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zabbix.te b/zabbix.te
index 3f45497..e71fa3f 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -133,7 +133,7 @@ optional_policy(`
#

allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
allow zabbix_agent_t self:sem create_sem_perms;
allow zabbix_agent_t self:shm create_shm_perms;
--
2.9.4

2017-05-25 10:53:07

by thomas

[permalink] [raw]

Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call setrlimit on self

Zabbix Agent wants to disable core dumps on its process
or it refuses to start.

See zabbix bug ZBX-10542
---
zabbix.te | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zabbix.te b/zabbix.te
index 3f45497..5d57a2a 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.10.1)
+policy_module(zabbix, 1.10.2)

########################################
#
@@ -133,7 +133,7 @@ optional_policy(`
#

allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
allow zabbix_agent_t self:sem create_sem_perms;
allow zabbix_agent_t self:shm create_shm_perms;
--
2.9.4

2017-05-26 00:57:41

by Chris PeBenito

[permalink] [raw]

Subject: [refpolicy] [PATCH v2] zabbix: Grant zabbix_agent_t to call setrlimit on self

On 05/25/2017 06:53 AM, Thomas Mueller via refpolicy wrote:
> Zabbix Agent wants to disable core dumps on its process
> or it refuses to start.
>
> See zabbix bug ZBX-10542
> ---
> zabbix.te | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/zabbix.te b/zabbix.te
> index 3f45497..5d57a2a 100644
> --- a/zabbix.te
> +++ b/zabbix.te
> @@ -1,4 +1,4 @@
> -policy_module(zabbix, 1.10.1)
> +policy_module(zabbix, 1.10.2)
>
> ########################################
> #
> @@ -133,7 +133,7 @@ optional_policy(`
> #
>
> allow zabbix_agent_t self:capability { setgid setuid };
> -allow zabbix_agent_t self:process { setsched getsched signal };
> +allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
> allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
> allow zabbix_agent_t self:sem create_sem_perms;
> allow zabbix_agent_t self:shm create_shm_perms;

Merged. In the future please do not increment the module version.

--
Chris PeBenito