Skip to content

Commit a745500

Browse files
FaramosCZFaramosCZ
committed
[refactoring] Order of interfaces call should be kept
i. e. kernel is the first after manage rules and then alphabetically.
1 parent a0f93bd commit a745500

File tree

1 file changed

+13
-16
lines changed

1 file changed

+13
-16
lines changed

mysql.te

+13-16
Original file line numberDiff line numberDiff line change
@@ -76,13 +76,6 @@ allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
7676
allow mysqld_t self:tcp_socket create_stream_socket_perms;
7777
allow mysqld_t self:udp_socket create_socket_perms;
7878

79-
kernel_read_network_state(mysqld_t)
80-
kernel_read_net_sysctls(mysqld_t)
81-
82-
# Allow mysqld_t to read to memory.pressure in cgroup
83-
fs_read_cgroup_files(mysqld_t)
84-
fs_write_cgroup_files(mysqld_t)
85-
8679
manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
8780
manage_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
8881
manage_sock_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
@@ -110,9 +103,12 @@ manage_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
110103
manage_sock_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
111104
files_pid_filetrans(mysqld_t, mysqld_var_run_t, { dir file sock_file })
112105

106+
kernel_read_kernel_sysctls(mysqld_t)
107+
kernel_read_net_sysctls(mysqld_t)
113108
kernel_read_network_state(mysqld_t)
114109
kernel_read_system_state(mysqld_t)
115-
kernel_read_kernel_sysctls(mysqld_t)
110+
111+
can_exec(mysqld_t, mysqld_exec_t)
116112

117113
corecmd_exec_bin(mysqld_t)
118114
corecmd_exec_shell(mysqld_t)
@@ -132,23 +128,24 @@ corenet_tcp_connect_tram_port(mysqld_t)
132128
corenet_sendrecv_mysqld_client_packets(mysqld_t)
133129
corenet_sendrecv_mysqld_server_packets(mysqld_t)
134130

135-
can_exec(mysqld_t, mysqld_exec_t)
136-
137131
dev_read_sysfs(mysqld_t)
138132
dev_read_urand(mysqld_t)
139133

134+
domain_read_all_domains_state(mysqld_t)
135+
domain_use_interactive_fds(mysqld_t)
136+
140137
fs_getattr_all_fs(mysqld_t)
141-
fs_search_auto_mountpoints(mysqld_t)
142138
fs_rw_hugetlbfs_files(mysqld_t)
139+
fs_search_auto_mountpoints(mysqld_t)
140+
# Allow mysqld_t to read and write to memory.pressure file in cgroup
141+
fs_read_cgroup_files(mysqld_t)
142+
fs_write_cgroup_files(mysqld_t)
143143

144-
domain_use_interactive_fds(mysqld_t)
145-
domain_read_all_domains_state(mysqld_t)
146-
144+
files_getattr_all_sockets(mysqld_t)
147145
files_getattr_var_lib_dirs(mysqld_t)
148146
files_read_etc_runtime_files(mysqld_t)
149-
files_search_var_lib(mysqld_t)
150147
files_search_pids(mysqld_t)
151-
files_getattr_all_sockets(mysqld_t)
148+
files_search_var_lib(mysqld_t)
152149

153150
ifdef(`distro_redhat',`
154151
filetrans_pattern(mysqld_t, mysqld_db_t, mysqld_var_run_t, sock_file)

0 commit comments

Comments
 (0)