From 7351ab0f6b3bdd5df3da8e2103a5b2de35d8cee8 Mon Sep 17 00:00:00 2001
From: Dirk Goetz
Date: Fri, 27 Feb 2015 09:47:45 +0000
Subject: [PATCH] Selinux: Added capabilities and database support refs #8332
---
 tools/selinux/icinga2.te | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te
index 1e36dc9a9..42dd7918f 100644
--- a/tools/selinux/icinga2.te
+++ b/tools/selinux/icinga2.te
@@ -48,7 +48,8 @@ corenet_port(icinga2_port_t)
 #
 # icinga2 local policy
 #
-allow icinga2_t self:capability { setgid setuid };
+allow icinga2_t self:capability { setgid setuid sys_resource };
+allow icinga2_t self:process { setsched signal setrlimit };
 allow icinga2_t self:fifo_file rw_fifo_file_perms;
 allow icinga2_t self:unix_stream_socket create_stream_socket_perms;
 
@@ -95,6 +96,12 @@ icinga2_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
 allow icinga2_t icinga2_port_t:tcp_socket name_bind;
 allow icinga2_t self:tcp_socket create_stream_socket_perms;
 
+mysql_stream_connect(icinga2_t)
+mysql_tcp_connect(icinga2_t)
+postgresql_stream_connect(icinga2_t)
+postgresql_tcp_connect(icinga2_t)
+
+
 ########################################
 #
 # Icinga Webinterfaces
--
2.40.0
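Review bot: `sys_resource` on the `self:capability` line is a broad grant that the patch does not justify; besides rlimits it also covers overriding disk quotas and reserved filesystem space. As far as rlimits go, the capability is only needed to raise a hard limit above its current value, so if the daemon merely adjusts limits within the existing ceiling, `self:process setrlimit` on the next line may already be enough, and it is worth testing without the capability. Either way, a comment above the two lines would let a later reviewer judge whether the grant can be dropped, for example `# <operation that changes limits>: needs setrlimit; sys_resource only if the hard limit is raised` with the placeholder filled in from the logged denial.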
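Review bot: The four database interface calls are made unconditionally, so every install of this module lets `icinga2_t` connect to MySQL and PostgreSQL over both the unix socket and TCP, including installs that use no database backend. Wrapping each pair in `optional_policy` should also keep the module loadable where the mysql or postgresql policy module is absent, assuming the interfaces require types from those modules. Gating the calls behind a boolean declared in this module would additionally let sites without a database backend leave the access off. The sketch below shows the `optional_policy` form only.

```selinux
optional_policy(`
	mysql_stream_connect(icinga2_t)
	mysql_tcp_connect(icinga2_t)
')

optional_policy(`
	postgresql_stream_connect(icinga2_t)
	postgresql_tcp_connect(icinga2_t)
')
```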