File tree Expand file tree Collapse file tree 1 file changed +18
-4
lines changed Expand file tree Collapse file tree 1 file changed +18
-4
lines changed Original file line number Diff line number Diff line change @@ -71,19 +71,33 @@ Permit Access to ``netstat`` for FTDC
7171
7272 #. Create a custom policy file :file:` mongodb_proc_net.te`
7373
74- .. code-block:: sh
74+ .. code-block:: none
7575
7676 cat > mongodb_proc_net.te <<EOF
7777 module mongodb_proc_net 1.0;
7878
7979 require {
80- type proc_net_t;
81- type mongod_t;
82- class file { open read };
80+ type cgroup_t;
81+ type configfs_t;
82+ type file_type;
83+ type mongod_t;
84+ type proc_net_t;
85+ type sysctl_fs_t;
86+ type var_lib_nfs_t;
87+
88+ class dir { search getattr };
89+ class file { getattr open read };
8390 }
8491
8592 #============= mongod_t ==============
93+ allow mongod_t cgroup_t:dir { search getattr } ;
94+ allow mongod_t cgroup_t:file { getattr open read };
95+ allow mongod_t configfs_t:dir getattr;
96+ allow mongod_t file_type:dir { getattr search };
97+ allow mongod_t file_type:file getattr;
8698 allow mongod_t proc_net_t:file { open read };
99+ allow mongod_t sysctl_fs_t:dir search;
100+ allow mongod_t var_lib_nfs_t:dir search;
87101 EOF
88102
89103 #. Once created, compile and load the custom policy module by
You can’t perform that action at this time.
0 commit comments