automatic import of mariadbopeneuler23.03 openeuler22.03_LTS_SP2 openeuler22.03_LTS openeuler20.03

author: CoprDistGit <infra@openeuler.org> 2023-08-20 10:47:28 +0000
committer: CoprDistGit <infra@openeuler.org> 2023-08-20 10:47:28 +0000
commit: f0b08fdbf2ac1c6bbbeba9a96babfae8277ed3ef (patch)
tree: eeb9a49118267c48caeefb2bbfa3f9f8ba1e3658 /mariadb-server-galera.te
parent: de830acca23eae53159e3721fc648ce8a86427b7 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/mariadb-server-galera.te b/mariadb-server-galera.te
new file mode 100644
index 0000000..bdce127
--- /dev/null
+++ b/mariadb-server-galera.te
@@ -0,0 +1,23 @@
+
+module mariadb-server-galera 1.0;
+
+require {
+    type mysqld_t;
+    type rsync_exec_t;
+    type anon_inodefs_t;
+    type proc_net_t;
+    type kerberos_port_t;
+    class file { read execute execute_no_trans getattr open };
+    class tcp_socket { name_bind name_connect };
+    class process { setpgid siginh rlimitinh noatsecure };
+}
+
+# allow mysqld to run rsyncd
+allow mysqld_t self:process setpgid;
+allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
+allow mysqld_t anon_inodefs_t:file getattr;
+allow mysqld_t proc_net_t:file { read open };
+
+# allow rsyncd to listen on port 4444
+allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };
+
author	CoprDistGit <infra@openeuler.org>	2023-08-20 10:47:28 +0000
committer	CoprDistGit <infra@openeuler.org>	2023-08-20 10:47:28 +0000
commit	f0b08fdbf2ac1c6bbbeba9a96babfae8277ed3ef (patch)
tree	eeb9a49118267c48caeefb2bbfa3f9f8ba1e3658 /mariadb-server-galera.te
parent	de830acca23eae53159e3721fc648ce8a86427b7 (diff)