commit:     1a466eaa3bd92c5a3107d7bb53e5672768dfb20c
Author:     Grant Ridder <shortdudey123 <AT> gmail <DOT> com>
AuthorDate: Wed Feb 17 22:28:25 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Mar 11 17:16:17 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1a466eaa
Allow tcp_connect to redis_port_t for redis_t This fixes the following: ``` type=AVC msg=audit(1455747105.487:947088): avc: denied { name_connect } for pid=2390 comm="redis-server" dest=26379 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket ``` The `redis-server` process must be allowed to make outbound connections when running in a master-slave configuration. policy/modules/contrib/redis.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/contrib/redis.te b/policy/modules/contrib/redis.te index 00a7fc4..9ba0310 100644 --- a/policy/modules/contrib/redis.te +++ b/policy/modules/contrib/redis.te @@ -58,6 +58,7 @@ corenet_tcp_bind_generic_node(redis_t) corenet_sendrecv_redis_server_packets(redis_t) corenet_tcp_bind_redis_port(redis_t) +corenet_tcp_connect_redis_port(redis_t) corenet_tcp_sendrecv_redis_port(redis_t) dev_read_sysfs(redis_t)
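Review bot: The added `corenet_tcp_connect_redis_port(redis_t)` line in the `@@ -58,6 +58,7 @@` hunk grants `name_connect` on `redis_port_t` unconditionally, although the commit message says outbound connections are only needed in a master-slave configuration. A standalone instance gets the same outbound permission with no need for it, so consider wrapping the call in a `tunable_policy` block that defaults to off, letting only replicated deployments enable it. If it stays unconditional, a short comment above the line in redis.te stating that it exists for replication traffic (the quoted denial is for `dest=26379`) would keep the reason visible to whoever next audits the `redis_t` rules.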