commit: f2c017c30c28288b218688c561a32d04931535e1
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Jan 4 19:32:19 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 15:19:54 2023 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f2c017c3
munin: Move munin_rw_tcp_sockets() implementation.
No rule changes.
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/services/munin.if | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
index de654d4ea..b70f1ad91 100644
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@@ -41,6 +41,23 @@ template(`munin_plugin_template',`
files_tmp_filetrans($1_munin_plugin_t, $1_munin_plugin_tmp_t, { dir
file })
')
+########################################
+## <summary>
+## Permit to read/write Munin TCP sockets
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`munin_rw_tcp_sockets',`
+ gen_require(`
+ type munin_t;
+ ')
+ allow $1 munin_t:tcp_socket rw_socket_perms;
+')
+
########################################
## <summary>
## Connect to munin over a unix domain
@@ -189,20 +206,3 @@ interface(`munin_admin',`
admin_pattern($1, httpd_munin_content_t)
')
-
-########################################
-## <summary>
-## Permit to read/write Munin TCP sockets
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`munin_rw_tcp_sockets',`
- gen_require(`
- type munin_t;
- ')
- allow $1 munin_t:tcp_socket rw_socket_perms;
-')
