32e03b2cdd
Move content from stx-gplv2 into stx-integ
Packages will be relocated to
stx-integ:
base/
bash
cgcs-users
cluster-resource-agents
dpkg
haproxy
libfdt
netpbm
rpm
database/
mariadb
filesystem/
iscsi-initiator-utils
filesystem/drbd/
drbd-tools
kernel/kernel-modules/
drbd
integrity
intel-e1000e
intel-i40e
intel-i40evf
intel-ixgbe
intel-ixgbevf
qat17
tpmdd
ldap/
ldapscripts
networking/
iptables
net-tools
Change-Id: Ibc2ad09bef7a7f40e337513a1694a22f38d7f4e9
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
24 lines
681 B
Plaintext
24 lines
681 B
Plaintext
|
|
module mariadb-server-galera 1.0;
|
|
|
|
require {
|
|
type mysqld_t;
|
|
type rsync_exec_t;
|
|
type anon_inodefs_t;
|
|
type proc_net_t;
|
|
type kerberos_port_t;
|
|
class file { read execute execute_no_trans getattr open };
|
|
class tcp_socket { name_bind name_connect };
|
|
class process { setpgid siginh rlimitinh noatsecure };
|
|
}
|
|
|
|
# allow mysqld to run rsyncd
|
|
allow mysqld_t self:process setpgid;
|
|
allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
|
|
allow mysqld_t anon_inodefs_t:file getattr;
|
|
allow mysqld_t proc_net_t:file { read open };
|
|
|
|
# allow rsyncd to listen on port 4444
|
|
allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };
|
|
|