authorKenton Groombridge <concord@gentoo.org>2024-08-07 16:48:24 -0400
committerJason Zaman <perfinion@gentoo.org>2024-09-21 15:28:29 -0700
commita78318b5d15112ba82d12348fdd050a078aa0486 (patch)
treef026a281de1719e8174a045a0c9d1ca854c57fc1
parentpodman: allow managing init runtime units (diff)
haproxy: allow interactive usage
Allow haproxy to be run interactively, e.g. to test its config file and report errors. Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/services/haproxy.te4
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/services/haproxy.te b/policy/modules/services/haproxy.te
index fd5bc380..e4046dd2 100644
--- a/policy/modules/services/haproxy.te
+++ b/policy/modules/services/haproxy.te
@@ -91,6 +91,8 @@ corecmd_search_bin(haproxy_t)
dev_dontaudit_read_sysfs(haproxy_t)
+domain_use_interactive_fds(haproxy_t)
+
kernel_read_kernel_sysctls(haproxy_t)
kernel_read_state(haproxy_t)
kernel_read_system_state(haproxy_t)
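Review bot: Both additions are unconditional grants on `haproxy_t`, the same domain the network-facing daemon runs in: `domain_use_interactive_fds(haproxy_t)` here and `userdom_use_user_terminals(haproxy_t)` in the second hunk, after `logging_send_syslog_msg(haproxy_t)`. The commit message says the access is for interactive runs such as a config check, so the long-running service now also carries user terminal access that it does not appear to need. I would at least record the intent next to each line, e.g. `# interactive runs only (config check); the service itself needs no terminal`, so a later audit can tell this apart from daemon requirements. Whether an admin-launched haproxy actually transitions into `haproxy_t` depends on run/domtrans rules outside these hunks, so that path should be confirmed.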
@@ -102,6 +104,8 @@ miscfiles_read_localization(haproxy_t)
logging_send_syslog_msg(haproxy_t)
+userdom_use_user_terminals(haproxy_t)
+
can_exec(haproxy_t, haproxy_exec_t)
tunable_policy(`haproxy_bind_all_tcp_ports',`