
Commit be3d422

author
Dave
authored
DOCS-15224 BACKPORT (#986)
1 parent 68e293b commit be3d422


1 file changed

+17
-3
lines changed


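--- a/source/includes/fact-selinux-redhat-options.rst
+++ b/source/includes/fact-selinux-redhat-options.rst
@@ -67,19 +67,33 @@ to your SELinux policy:
 
 #. Create a custom policy file :file:`mongodb_proc_net.te`:
 
-.. code-block:: bash
+.. code-block:: none
 
 cat > mongodb_proc_net.te <<EOF
 module mongodb_proc_net 1.0;
 
 require {
-type proc_net_t;
+type cgroup_t;
+type configfs_t;
+type file_type;
 type mongod_t;
-class file { open read };
+type proc_net_t;
+type sysctl_fs_t;
+type var_lib_nfs_t;
+
+class dir { search getattr };
+class file { getattr open read };
 }
 
 #============= mongod_t ==============
+allow mongod_t cgroup_t:dir { search getattr } ;
+allow mongod_t cgroup_t:file { getattr open read };
+allow mongod_t configfs_t:dir getattr;
+allow mongod_t file_type:dir { getattr search };
+allow mongod_t file_type:file getattr;
 allow mongod_t proc_net_t:file { open read };
+allow mongod_t sysctl_fs_t:dir search;
+allow mongod_t var_lib_nfs_t:dir search;
 EOF
 
 #. Once created, compile and load the custom policy module by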
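Review bot: The added rules `allow mongod_t file_type:dir { getattr search };` and `allow mongod_t file_type:file getattr;` are much broader than the other grants in this module. If `file_type` is the attribute that covers every file type, as it is in the reference policy (worth confirming for the targeted RHEL policy), these rules let `mongod_t` traverse any directory and stat any file on the host. In that case the `require` block would also need `attribute file_type;` rather than `type file_type;`, and the module may fail to load as written. I would either narrow these two rules to the specific types seen in the AVC denials, or add a sentence before the listing explaining why the broad grant is needed. The module is still named `mongodb_proc_net` although it now also covers cgroup, configfs, sysctl and NFS state, so a short `#` comment per rule group in the `.te` would make it easier to audit. The numbered step that follows the listing continues outside the hunk.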
