baculum: Fix using bconsole with sudo on Fedora if SELinux is enabled

author Marcin Haba <marcin.haba@bacula.pl>

Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)

committer Marcin Haba <marcin.haba@bacula.pl>

Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)
author Marcin Haba <marcin.haba@bacula.pl>
Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)
committer Marcin Haba <marcin.haba@bacula.pl>
Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)
diff --git a/gui/baculum/examples/selinux/baculum-api.te b/gui/baculum/examples/selinux/baculum-api.te

index 08b7c4a5adaf7a6c1074722668896bd888d5c2df..d5324feb8bf4054bcce7e781aee85168233dde05 100644 (file)
--- a/gui/baculum/examples/selinux/baculum-api.te
+++ b/gui/baculum/examples/selinux/baculum-api.te
@@ -23,6 +23,7 @@ require {
         class capability { audit_write sys_resource net_admin };
         class service { start stop };
         class unix_stream_socket { connectto };
+       class process { setrlimit };
  }
  
  #============= httpd_t ==============
@@ -39,6 +40,7 @@ allow httpd_t httpd_cache_t:dir { read create };
  allow httpd_t httpd_cache_t:file { read write create };
  allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read };
  allow httpd_t self:capability { audit_write sys_resource net_admin };
+allow httpd_t self:process { setrlimit };
  allow httpd_t httpd_sys_rw_content_t:dir { read write };
  allow httpd_t httpd_sys_rw_content_t:file { create append };
  allow httpd_t shadow_t:file { open read };
author	Marcin Haba <marcin.haba@bacula.pl>
	Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)
committer	Marcin Haba <marcin.haba@bacula.pl>
	Sun, 23 Feb 2020 04:23:05 +0000 (05:23 +0100)