commit: 82c3d44842260d9dc33d3ef3e813220d798e09a1
Author: Thomas Mueller <thomas <AT> chaschperli <DOT> ch>
AuthorDate: Thu Jun 9 11:14:05 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Jul 3 11:32:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=82c3d448

Allow puppet_t transition to shorewall_t

If puppet executes /sbin/shorewall it won't transition to shorewall_t and create log files with puppet_log_t context instead of shorewall_log_t. If service is then managed by init (sysv/systemd) it will fail to start. If puppet_t is allowed to transition to shorewall_t the logfile will get the correct shorewall_log_t type.

policy/modules/contrib/puppet.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te index 5fd4c8b..adda09f 100644 --- a/policy/modules/contrib/puppet.te +++ b/policy/modules/contrib/puppet.te @@ -200,6 +200,10 @@ optional_policy(` usermanage_domtrans_useradd(puppet_t) ') +optional_policy(` + shorewall_domtrans(puppet_t) +') + ######################################## # # Ca local policy
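
Review bot: the added optional_policy block calling shorewall_domtrans(puppet_t) carries no comment, so the reason for it (log files ending up as puppet_log_t instead of shorewall_log_t when puppet runs /sbin/shorewall) is recorded only in the commit message; a one-line comment above the call would keep that visible in puppet.te. The transition also only affects files created after the policy is loaded, so it is worth noting that log files already labelled puppet_log_t need a relabel before the init-managed service will start.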