Blame mariadb-server-galera.te
|
Jakub Dorňák |
992cadb |
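# SELinux policy module that extends the existing mysqld_t domain so that
# mysqld can execute rsync itself and use the TCP port it needs for that.
# Every rule below is an additional grant to mysqld_t; the module defines no
# new types or domains.
module mariadb-server-galera 1.0;

require {
    # Symbols this module expects the loaded base policy to provide.
    type mysqld_t;
    type rsync_exec_t;
    type anon_inodefs_t;
    type proc_net_t;
    type kerberos_port_t;
    class file { read execute execute_no_trans getattr open };
    class tcp_socket { name_bind name_connect };
    # NOTE(review): only setpgid is granted in the rules below; siginh,
    # rlimitinh and noatsecure are required here but never used in this file.
    class process { setpgid siginh rlimitinh noatsecure };
}

# allow mysqld to run rsyncd
# execute_no_trans lets mysqld_t execute the rsync binary without a domain
# transition, so the rsync process stays in mysqld_t and holds every
# permission mysqld_t has, rather than being confined to an rsync domain of
# its own.
allow mysqld_t self:process setpgid;
allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
allow mysqld_t anon_inodefs_t:file getattr;
allow mysqld_t proc_net_t:file { read open };

# allow rsyncd to listen on port 4444
# NOTE(review): the rule is keyed on the port type, not the port number. It
# lets mysqld_t bind and connect to every TCP port labelled kerberos_port_t,
# which in the reference policy usually includes the Kerberos ports as well as
# 4444 (check with `semanage port -l`). Because rsync runs as mysqld_t (see
# above), the grant applies to mysqld itself too. A tighter policy would need
# port 4444 to carry a dedicated label, which cannot be done from this module
# alone.
allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };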