Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/redis.te
diff options
context:
space:
mode:
authorGrant Ridder <shortdudey123@gmail.com>2016-02-17 14:28:25 -0800
committerJason Zaman <jason@perfinion.com>2016-03-12 01:16:17 +0800
commit1a466eaa3bd92c5a3107d7bb53e5672768dfb20c (patch)
treeca6c8beefef3ba98f5f8749eb4299c74ca8cf5bc /policy/modules/contrib/redis.te
parentModule version bump for changes to the networkmanager module by Laurent Bigon... (diff)
downloadhardened-refpolicy-1a466eaa3bd92c5a3107d7bb53e5672768dfb20c.tar.gz
hardened-refpolicy-1a466eaa3bd92c5a3107d7bb53e5672768dfb20c.tar.bz2
hardened-refpolicy-1a466eaa3bd92c5a3107d7bb53e5672768dfb20c.zip
Allow tcp_connect to redis_port_t for redis_t
This fixes the following: ``` type=AVC msg=audit(1455747105.487:947088): avc: denied { name_connect } for pid=2390 comm="redis-server" dest=26379 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket ``` The `redis-server` process must be allowed to make outbound connections when running in a master-slave configuration.
Diffstat (limited to 'policy/modules/contrib/redis.te')
-rw-r--r--policy/modules/contrib/redis.te1
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/contrib/redis.te b/policy/modules/contrib/redis.te
index 00a7fc43c..9ba031068 100644
--- a/policy/modules/contrib/redis.te
+++ b/policy/modules/contrib/redis.te
@@ -58,6 +58,7 @@ corenet_tcp_bind_generic_node(redis_t)
corenet_sendrecv_redis_server_packets(redis_t)
corenet_tcp_bind_redis_port(redis_t)
+corenet_tcp_connect_redis_port(redis_t)
corenet_tcp_sendrecv_redis_port(redis_t)
dev_read_sysfs(redis_t)