kmcdonell committed Jan 8, 2025
2 parents 4d44895 + b59f59e commit 5233082
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/selinux/pcp.te
Expand Up @@ -906,6 +906,10 @@ allow pcp_pmlogger_t etc_t:dir { add_name read remove_name write };
allow pcp_pmlogger_t etc_t:file { create unlink write };
allow pcp_pmlogger_t cgroup_t:file { getattr read open append write };

# type=AVC msg=audit(N) : avc: denied { getattr } for pid=PID comm=mount path=/dev/dm-0 dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
allow pcp_pmlogger_t fixed_disk_device_t:blk_file getattr;
allow pcp_pmlogger_t sysfs_t:lnk_file read;

#============= pcp_pmie_t ==============
# type=AVC msg=audit(N): avc: denied { execute execute_no_trans getattr open read } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=0
allow pcp_pmie_t hostname_exec_t:file { execute execute_no_trans getattr open read };
Expand Down Expand Up @@ -940,6 +944,10 @@ allow pcp_pmie_t etc_t:dir { add_name read remove_name write };
allow pcp_pmie_t etc_t:file { create unlink write };
allow pcp_pmie_t cgroup_t:file { getattr read open append write };

# type=AVC msg=audit(N) : avc: denied { getattr } for pid=PID comm=mount path=/dev/dm-0 dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
allow pcp_pmie_t fixed_disk_device_t:blk_file getattr;
allow pcp_pmie_t sysfs_t:lnk_file read;

#============= pmda-lio ==============
# type=AVC msg=audit(N): avc: denied { open read search write } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir permissive=0
allow pcp_pmcd_t configfs_t:dir { open read search write };
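Review bot: The second added rule in the first hunk, `allow pcp_pmlogger_t sysfs_t:lnk_file read;`, and its `pcp_pmie_t` twin in the second hunk have no AVC record above them; the quoted denial covers only `getattr` on `fixed_disk_device_t:blk_file` from `comm=mount`. The surrounding rules pair each allow with the denial that motivated it, so I would add the captured `lnk_file` denial, or failing that a one-line comment such as `# mount reads /sys symlinks while resolving the dm device (no AVC captured)` if that is indeed the trigger. Keeping the block-device grant at `getattr` alone is the right scope, and it is worth saying so in the comment, since widening it later to `read` or `open` on `fixed_disk_device_t` would give these domains access to raw disk contents. Whether `fixed_disk_device_t` and `sysfs_t` are already listed in the policy's `require` block is not visible in these hunks.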