From: Marcin Haba <marcin.haba@bacula.pl>
Date: Sun, 23 Feb 2020 04:23:05 +0000 (+0100)
Subject: baculum: Fix using bconsole with sudo on Fedora if SELinux is enabled
X-Git-Tag: Release-9.6.1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0852b211f5720fa365c1506d3b66e38499595bbf;p=thirdparty%2Fbacula.git

baculum: Fix using bconsole with sudo on Fedora if SELinux is enabled
---

diff --git a/gui/baculum/examples/selinux/baculum-api.te b/gui/baculum/examples/selinux/baculum-api.te
index 08b7c4a5a..d5324feb8 100644
--- a/gui/baculum/examples/selinux/baculum-api.te
+++ b/gui/baculum/examples/selinux/baculum-api.te
@@ -23,6 +23,7 @@ require {
 	class capability { audit_write sys_resource net_admin };
 	class service { start stop };
 	class unix_stream_socket { connectto };
+	class process { setrlimit };
 }
 
 #============= httpd_t ==============
@@ -39,6 +40,7 @@ allow httpd_t httpd_cache_t:dir { read create };
 allow httpd_t httpd_cache_t:file { read write create };
 allow httpd_t self:netlink_audit_socket { write nlmsg_relay create read };
 allow httpd_t self:capability { audit_write sys_resource net_admin };
+allow httpd_t self:process { setrlimit };
 allow httpd_t httpd_sys_rw_content_t:dir { read write };
 allow httpd_t httpd_sys_rw_content_t:file { create append };
 allow httpd_t shadow_t:file { open read };