SELinux: How to allow access to /proc
by blueh2o from LinuxQuestions.org on (#508NG)
I have a process that uses pgrep to look in /proc for various processes. SELinux blocks this access. I want to allow it but there are too many types:
allow svc_start_t auditd_t:dir getattr;
allow svc_start_t crond_t:dir getattr;
allow svc_start_t dhcpc_t:dir getattr;
allow svc_start_t firewalld_t:dir getattr;
allow svc_start_t getty_t:dir getattr;
allow svc_start_t httpd_rotatelogs_t:dir getattr;
allow svc_start_t httpd_t:dir getattr;
allow svc_start_t irqbalance_t:dir getattr;
allow svc_start_t kernel_t:dir getattr;
etc etc etc
I want to do something like:
allow svc_start_t *:dir getattr search;
But it tells me "ERROR '* not allowed in this type of rule'"
What is the correct syntax?
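
Added example, not part of the original post: a loadable policy module that replaces the per-type rules with one rule targeting the `domain` attribute. It assumes a reference-policy-based system, where every process type carries that attribute; the module name `svc_start_proc` is hypothetical.

```selinux
# svc_start_proc.te (hypothetical module name; added example)
module svc_start_proc 1.0;

require {
    type svc_start_t;
    # Assumption: reference-policy-based policy, where "domain" is the
    # attribute assigned to every process type.
    attribute domain;
    class dir { getattr search };
}

# Rejected form from the post: "*" is not accepted as the target type,
# and more than one permission has to be written inside braces.
# allow svc_start_t *:dir getattr search;

# One rule covering the /proc/<pid> directory of every process domain
# (auditd_t, crond_t, httpd_t, kernel_t, ...).
allow svc_start_t domain:dir { getattr search };

# Build and load:
#   checkmodule -M -m -o svc_start_proc.mod svc_start_proc.te
#   semodule_package -o svc_start_proc.pp -m svc_start_proc.mod
#   semodule -i svc_start_proc.pp
```

This grants only the two directory permissions named in the post, for every domain on the system; if pgrep then logs denials on files inside those directories, they need their own rules (the reference policy's `domain_read_all_domains_state` interface bundles them). Review the audit log after loading rather than widening the rule in advance.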

