diff options
| -rw-r--r-- | policy/modules/contrib/salt.te | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te index 279edfba..024a1651 100644 --- a/policy/modules/contrib/salt.te +++ b/policy/modules/contrib/salt.te @@ -198,7 +198,7 @@ tunable_policy(`salt_master_read_nfs',` # salt_minion_t policy # -allow salt_minion_t self:capability { fsetid chown net_admin sys_admin sys_tty_config }; +allow salt_minion_t self:capability { fsetid chown dac_override dac_read_search net_admin sys_admin sys_tty_config }; allow salt_minion_t self:capability2 block_suspend; allow salt_minion_t self:process { signal signull }; allow salt_minion_t self:tcp_socket create_stream_socket_perms; @@ -294,6 +294,10 @@ optional_policy(` ') optional_policy(` + ssh_manage_home_files(salt_minion_t) +') + +optional_policy(` mount_domtrans(salt_minion_t) ') |