projects / shibboleth / sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added urandom access.
[shibboleth/sp.git] / selinux / shibshar.te
diff --git a/selinux/shibshar.te b/selinux/shibshar.te
index d6d462f..9227f30 100644 (file)
--- a/selinux/shibshar.te
+++ b/selinux/shibshar.te
@@ -23,6 +23,8 @@ allow shibshar_t shibshar_t:unix_stream_socket create_stream_socket_perms;
 allow shibshar_t shibshar_t:netlink_route_socket { create bind getattr};
 allow shibshar_t usr_t:dir r_dir_perms;
 allow shibshar_t usr_t:file rx_file_perms;
+
+allow shibshar_t urandom_device_t:chr_file { getattr read };
  
 # Enable HTTPD to connect to the shib-shar socket and read/write to it
 can_unix_connect(httpd_t, shibshar_var_run_t)
Shibboleth SP