commit: 16ad490b87e5629bafc5251261fc294340096fe9
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Thu May 25 10:53:07 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Jun 5 17:16:18 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=16ad490b
zabbix: Grant zabbix_agent_t to call setrlimit on self
Zabbix Agent wants to disable core dumps on its process
or it refuses to start.
See zabbix bug ZBX-10542
policy/modules/contrib/zabbix.te | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/zabbix.te b/policy/modules/contrib/zabbix.te
index 3f45497a..5d57a2af 100644
--- a/policy/modules/contrib/zabbix.te
+++ b/policy/modules/contrib/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.10.1)
+policy_module(zabbix, 1.10.2)
########################################
#
@@ -133,7 +133,7 @@ optional_policy(`
#
allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
allow zabbix_agent_t self:sem create_sem_perms;
allow zabbix_agent_t self:shm create_shm_perms;
