BZ 1790452 - Installation of pcp-pmda-samba causes SELinux issues
73772a60f selinux: fix pmdasamba(1) operating with selinux enforcing
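--- a/qa/917.out.in
+++ b/qa/917.out.in
@@ -34,6 +34,8 @@
 ! allow [pcp_pmcd_t] [unreserved_port_t] : [tcp_socket] { name_bind name_connect };
 ! allow [pcp_pmcd_t] [unreserved_port_t] : [udp_socket] { name_bind };
 ! allow [pcp_pmlogger_t] [unreserved_port_t] : [tcp_socket] { name_bind };
+ allow [pcp_pmcd_t] [samba_var_t] : [dir] { add_name write };
+ allow [pcp_pmcd_t] [samba_var_t] : [file] { create };
 allow [pcp_pmcd_t] [websm_port_t] : [tcp_socket] { name_connect };
 ! allow [pcp_pmcd_t] [pcp_tmp_t] : [file] { execute execute_no_trans map };
 allow [pcp_pmcd_t] [hostname_exec_t] : [file] { execute execute_no_trans getattr open read };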
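--- a/src/pmdas/samba/pmdasamba.pl
+++ b/src/pmdas/samba/pmdasamba.pl
@@ -41,6 +41,7 @@
 $pmda->err("pmdasamba failed to open $smbstats pipe: $!");
 
 while (<STATS>) {
+ $_ =~ s/"//g;
 if (m/^\*\*\*\*\s+(\w+[^*]*)\**$/) {
 my $heading = $1;
 $heading =~ s/ +$//g;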
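Review bot: The added `$_ =~ s/"//g;` at the top of the `while (<STATS>)` loop carries no comment saying why double quotes are removed from every smbstatus line, and nothing in the hunk shows which output format requires it. A one-line comment would make the intent reviewable, for example `# strip double quotes from smbstatus output before the heading/value matches (confirm which smbstatus versions emit them)`. Because the deletion is unconditional it also alters any value that legitimately contains a quote, so it is worth checking that against the parsing further down, which lies outside this hunk. As a style point, `tr/"//d;` performs the same deletion on `$_` without a regex.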
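--- a/src/selinux/pcpupstream.te.in
+++ b/src/selinux/pcpupstream.te.in
@@ -22,6 +22,7 @@
 type pcp_pmie_exec_t; # pmda.summary
 type ping_exec_t; # pmda.netcheck
 type openvswitch_exec_t; # pmda.openvswitch
+ type samba_var_t; # pmda.samba
 type websm_port_t; # pmda.openmetrics
 type system_cronjob_t;
 type user_home_t;
@@ -151,6 +152,10 @@
 #type=AVC msg=audit(YYY.94): avc: denied { name_bind } for pid=9365 comm=pmlogger src=4332 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
 @PCP_UNRESERVED_PORT_RULE_PMLOGGER@
 
+#type=AVC msg=audit(YYY.97): avc: denied { write } for pid=3507787 comm="smbstatus" name="msg.lock" dev="dm-0" ino=283321 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:samba_var_t:s0 tclass=dir permissive=0
+allow pcp_pmcd_t samba_var_t:dir { add_name write }; # pmda.samba
+allow pcp_pmcd_t samba_var_t:file { create }; # pmda.samba
+
 #type=AVC msg=audit(YYY.15): avc: denied { name_connect } for pid=13816 comm="python3" dest=9090 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:websm_port_t:s0 tclass=tcp_socket permissive=0
 allow pcp_pmcd_t websm_port_t:tcp_socket name_connect; # pmda.openmetrics
 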
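Review bot: The new rules `allow pcp_pmcd_t samba_var_t:dir { add_name write };` and `allow pcp_pmcd_t samba_var_t:file { create };` in the second hunk apply to everything running as pcp_pmcd_t, not only pmdasamba, so every PMDA in that domain gains the ability to create files in samba_var_t directories. The quoted AVC records only the `write` denial for `msg.lock` with tclass=dir; `add_name` and the file `create` permission have no denial quoted, unlike the neighbouring rules, which each sit under their own AVC line. I would add the matching AVC records as comments above each rule, or a short comment stating how the extra permissions were determined, so a later audit can tell observed denials from anticipated ones. It is also worth confirming in enforcing mode that smbstatus needs no further permissions on the file it creates (for example `open` or `write`); otherwise the PMDA may still fail after this change.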