Tuned tcp_socket per audit2allow seperation

2015-11-09 02:50:17 -05:00 · 2015-11-09 02:50:17 -05:00 · 977bb115b7
parent fb75c43f97
commit 977bb115b7
1 changed files with 6 additions and 2 deletions
--- a/mlogc.te
+++ b/mlogc.te
@ -1,5 +1,5 @@

-policy_module(mlogc,1.0.40)
+policy_module(mlogc,1.0.41)

 ########################################
 #
@ -104,7 +104,11 @@ allow httpd_t mlogc_log_t:file { write create open };

 #============= mlogc_t ==============

-allow mlogc_t http_port_t:tcp_socket { create connect name_connect getopt getattr setopt };
+allow mlogc_t http_port_t:tcp_socket name_connect;
+allow mlogc_t self:tcp_socket { write read };
+allow mlogc_t self:tcp_socket { connect getopt getattr create setopt };
+
+#allow mlogc_t http_port_t:tcp_socket { create connect name_connect getopt getattr setopt };

 #allow mlogc_t cert_t:dir { write getattr };
 #allow mlogc_t cert_t:file { read write getattr open lock };