From a78318b5d15112ba82d12348fdd050a078aa0486 Mon Sep 17 00:00:00 2001 From: Kenton Groombridge Date: Wed, 7 Aug 2024 16:48:24 -0400 Subject: haproxy: allow interactive usage Allow haproxy to be run interactively, e.g. to test its config file and report errors. Signed-off-by: Kenton Groombridge Signed-off-by: Jason Zaman --- policy/modules/services/haproxy.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/services/haproxy.te b/policy/modules/services/haproxy.te index fd5bc3804..e4046dd2d 100644 --- a/policy/modules/services/haproxy.te +++ b/policy/modules/services/haproxy.te @@ -91,6 +91,8 @@ corecmd_search_bin(haproxy_t) dev_dontaudit_read_sysfs(haproxy_t) +domain_use_interactive_fds(haproxy_t) + kernel_read_kernel_sysctls(haproxy_t) kernel_read_state(haproxy_t) kernel_read_system_state(haproxy_t) @@ -102,6 +104,8 @@ miscfiles_read_localization(haproxy_t) logging_send_syslog_msg(haproxy_t) +userdom_use_user_terminals(haproxy_t) + can_exec(haproxy_t, haproxy_exec_t) tunable_policy(`haproxy_bind_all_tcp_ports',` -- cgit v1.2.3-65-gdbad