Running hpacucli from snmpd blocked by SElinux
Daniel J Walsh
dwalsh at redhat.com
Wed Apr 17 18:26:49 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/17/2013 03:42 AM, Michal Trunecka wrote:
> policy_module(hpacucli, 1.0)
>
> require { attribute domain; attribute exec_type; type snmpd_t; }
>
> # Define new domain type type hpacucli_t; typeattribute hpacucli_t domain;
> domain_type(hpacucli_t);
>
> # Define file context for exec file type hpacucli_exec_t; typeattribute
> hpacucli_exec_t exec_type;
policy_module(hpacucli, 1.0)
gen_require(`
type snmpd_t;
}
# Define new domain type
type hpacucli_t;
type hpacucli_exec_t;
application_domain(hpacucli_t, hpaccli_exec_t);
role system_r types hpacucli_t;
# Define type transition from snmpd_t through hpacucli_exec_t to hpacucli_t
domain_auto_trans(snmpd_t, hpacucli_exec_t, hpacucli_t);
# Make hpacucli_t permissive domain
permissive hpacucli_t;
This is all you need.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFu6WkACgkQrlYvE4MpobNLNwCeN4rWCuJkAJnocvdVEeWXC1IZ
+fwAoNGQrUf1YiWaB6pLK2wQVpTkAUBT
=0SP0
-----END PGP SIGNATURE-----
More information about the selinux
mailing list