Allow logrotate to execute systemctl

author Miroslav Grepl <mgrepl@redhat.com>

Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te

index 890c1a4c75e6cdf18cd128236c74622221924d85..12979629a01e348c1c318134ac855492ec6c2348 100644 (file)
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -116,6 +116,8 @@ miscfiles_read_localization(logrotate_t)
  
  seutil_dontaudit_read_config(logrotate_t)
  
+systemd_exec_systemctl(logrotate_t)
+
  userdom_use_inherited_user_terminals(logrotate_t)
  userdom_list_user_home_dirs(logrotate_t)
  userdom_use_unpriv_users_fds(logrotate_t)
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te

index 93e68fff663462f1c5823392ba02a09a122aaa2c..d27f79b3923833d65b5215dad7fce5c3dc4b4eae 100644 (file)
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -181,6 +181,8 @@ domain_sigstop_all_domains(gnomesystemmm_t)
  files_read_etc_files(gnomesystemmm_t)
  files_read_usr_files(gnomesystemmm_t)
  
+fs_getattr_xattr_fs(gnomesystemmm_t)
+
  miscfiles_read_localization(gnomesystemmm_t)
  
  userdom_read_all_users_state(gnomesystemmm_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 17 May 2011 18:08:44 +0000 (18:08 +0000)
policy/modules/admin/logrotate.te		patch \| blob \| blame \| history
policy/modules/apps/gnome.te		patch \| blob \| blame \| history