[refpolicy] [PATCH v2 1/2] Asterisk admin must be able to run 'asterisk -r'

Sven Vermeulen sven.vermeulen at siphos.be
Mon Oct 3 14:24:05 CDT 2011


One of the most frequently ran commands by asterisk administrators is to
run 'asterisk -r' to manipulate (through the asterisk socket) the
asterisk daemon (sort-of asterisk-specific shell support).

We mark the asterisk_exec_t type as an application_exec_type so that it
can be executed by the user domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 asterisk.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/asterisk.te b/asterisk.te
index b3b0176..6f6c42c 100644
--- a/asterisk.te
+++ b/asterisk.te
@@ -8,6 +8,7 @@ policy_module(asterisk, 1.9.0)
 type asterisk_t;
 type asterisk_exec_t;
 init_daemon_domain(asterisk_t, asterisk_exec_t)
+application_executable_file(asterisk_exec_t)
 
 type asterisk_etc_t;
 files_config_file(asterisk_etc_t)
-- 
1.7.3.4



More information about the refpolicy mailing list