From 46588065d43ae7bde461692fac73830831165de6 Mon Sep 17 00:00:00 2001 From: Sven Vermeulen Date: Apr 20 2012 20:21:52 +0000 Subject: Allow asterisk to chown its own /var/run/asterisk directory During startup, asterisk verifies the ownership of its run-directory and, if not set correctly, changes it accordingly. Signed-off-by: Sven Vermeulen --- diff --git a/asterisk.te b/asterisk.te index 22d7cdf..c702879 100644 --- a/asterisk.te +++ b/asterisk.te @@ -40,7 +40,7 @@ files_pid_file(asterisk_var_run_t) # # dac_override for /var/run/asterisk -allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin }; +allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin chown }; dontaudit asterisk_t self:capability sys_tty_config; allow asterisk_t self:process { getsched setsched signal_perms getcap setcap }; allow asterisk_t self:fifo_file rw_fifo_file_perms;