From: Dirk Goetz <dirk.goetz@netways.de>
Date: Fri, 27 Feb 2015 09:47:45 +0000 (+0000)
Subject: Selinux: Added capabilities and database support
X-Git-Tag: v2.4.0~641
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7351ab0f6b3bdd5df3da8e2103a5b2de35d8cee8;p=icinga2

Selinux: Added capabilities and database support

refs #8332
---

diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te
index 1e36dc9a9..42dd7918f 100644
--- a/tools/selinux/icinga2.te
+++ b/tools/selinux/icinga2.te
@@ -48,7 +48,8 @@ corenet_port(icinga2_port_t)
 #
 # icinga2 local policy
 #
-allow icinga2_t self:capability { setgid setuid };
+allow icinga2_t self:capability { setgid setuid sys_resource };
+allow icinga2_t self:process { setsched signal setrlimit };
 allow icinga2_t self:fifo_file rw_fifo_file_perms;
 allow icinga2_t self:unix_stream_socket create_stream_socket_perms;
 
@@ -95,6 +96,12 @@ icinga2_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
 allow icinga2_t icinga2_port_t:tcp_socket name_bind;
 allow icinga2_t self:tcp_socket create_stream_socket_perms;
 
+mysql_stream_connect(icinga2_t)
+mysql_tcp_connect(icinga2_t)
+postgresql_stream_connect(icinga2_t)
+postgresql_tcp_connect(icinga2_t)
+
+
 ########################################
 #
 # Icinga Webinterfaces