commit:     30daf39bdf0854b072c684e8d85a8967aa5bd02c
Author:     Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Tue Feb 14 09:22:14 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 08:13:38 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=30daf39b
tiny mon patch When you merged the mon patch you removed the ability for mon_t to execute lib_t files. The following patch re-enables the ability to execute alert scripts. policy/modules/kernel/corecommands.fc | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 7c1ae574..5049a8a0 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -189,6 +189,7 @@ ifdef(`distro_gentoo',` /usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0) /usr/lib/misc/glibc/getconf/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib/mon/alert.d(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/nagios/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/netsaint/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/NetworkManager/nm-.* -- gen_context(system_u:object_r:bin_t,s0)
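Review bot: The added `/usr/lib/mon/alert.d(/.*)?` entry labels the directory and everything under it as `bin_t`, which is broader than the commit message's stated goal of letting mon_t execute alert scripts. `bin_t` is the generic executable type, so any domain permitted to execute `bin_t` gains the same ability on these scripts, not only mon_t. The pattern also carries no file-type specifier (unlike the `--` on the `sftp-server` line above it), so the directory itself is relabeled too. That matches the neighbouring `nagios/plugins` and `netsaint/plugins` entries, so it is consistent with the file, but the commit message should say that the fix is a relabel to `bin_t` rather than a restored mon_t rule on lib_t, and why that was preferred over a rule scoped to mon_t in the mon module.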
