haproxy: allow interactive usage

Allow haproxy to be run interactively, e.g. to test its config file and report errors. Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2024-08-07 16:48:24 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2024-09-21 15:28:29 -0700
commit: a78318b5d15112ba82d12348fdd050a078aa0486 (patch)
tree: f026a281de1719e8174a045a0c9d1ca854c57fc1
parent: podman: allow managing init runtime units (diff)
download: hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.tar.gz
hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.tar.bz2
hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/services/haproxy.te b/policy/modules/services/haproxy.te
index fd5bc3804..e4046dd2d 100644
--- a/policy/modules/services/haproxy.te
+++ b/policy/modules/services/haproxy.te
@@ -91,6 +91,8 @@ corecmd_search_bin(haproxy_t)
 
 dev_dontaudit_read_sysfs(haproxy_t)
 
+domain_use_interactive_fds(haproxy_t)
+
 kernel_read_kernel_sysctls(haproxy_t)
 kernel_read_state(haproxy_t)
 kernel_read_system_state(haproxy_t)
@@ -102,6 +104,8 @@ miscfiles_read_localization(haproxy_t)
 
 logging_send_syslog_msg(haproxy_t)
 
+userdom_use_user_terminals(haproxy_t)
+
 can_exec(haproxy_t, haproxy_exec_t)
 
 tunable_policy(`haproxy_bind_all_tcp_ports',`
author	Kenton Groombridge <concord@gentoo.org>	2024-08-07 16:48:24 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2024-09-21 15:28:29 -0700
commit	a78318b5d15112ba82d12348fdd050a078aa0486 (patch)
tree	f026a281de1719e8174a045a0c9d1ca854c57fc1
parent	podman: allow managing init runtime units (diff)
download	hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.tar.gz hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.tar.bz2 hardened-refpolicy-a78318b5d15112ba82d12348fdd050a078aa0486.zip