automatic import of mariadb

author: CoprDistGit <infra@openeuler.org> 2023-10-16 08:51:05 +0000
committer: CoprDistGit <infra@openeuler.org> 2023-10-16 08:51:05 +0000
commit: 1cabb3ccb5222b459d643dc93c2607dfac702ffa (patch)
tree: cafff97469a1272a9b50ee404a490a4f19a79ba8 /mariadb-server-galera.te
parent: b376534b0c4531c9bdae13fd3f922af950bfbc6b (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/mariadb-server-galera.te b/mariadb-server-galera.te
new file mode 100644
index 0000000..bdce127
--- /dev/null
+++ b/mariadb-server-galera.te
@@ -0,0 +1,23 @@
+
+module mariadb-server-galera 1.0;
+
+require {
+    type mysqld_t;
+    type rsync_exec_t;
+    type anon_inodefs_t;
+    type proc_net_t;
+    type kerberos_port_t;
+    class file { read execute execute_no_trans getattr open };
+    class tcp_socket { name_bind name_connect };
+    class process { setpgid siginh rlimitinh noatsecure };
+}
+
+# allow mysqld to run rsyncd
+allow mysqld_t self:process setpgid;
+allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
+allow mysqld_t anon_inodefs_t:file getattr;
+allow mysqld_t proc_net_t:file { read open };
+
+# allow rsyncd to listen on port 4444
+allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };
+
author	CoprDistGit <infra@openeuler.org>	2023-10-16 08:51:05 +0000
committer	CoprDistGit <infra@openeuler.org>	2023-10-16 08:51:05 +0000
commit	1cabb3ccb5222b459d643dc93c2607dfac702ffa (patch)
tree	cafff97469a1272a9b50ee404a490a4f19a79ba8 /mariadb-server-galera.te
parent	b376534b0c4531c9bdae13fd3f922af950bfbc6b (diff)