Revision 0578ccf1
Added by Lukas Zapletal almost 10 years ago
foreman.te | ||
---|---|---|
tunable_policy(`passenger_run_foreman', `
|
||
read_files_pattern(passenger_t, httpd_foreman_script_exec_t, httpd_foreman_script_exec_t)
|
||
read_lnk_files_pattern(passenger_t, httpd_foreman_script_exec_t, httpd_foreman_script_exec_t)
|
||
append_files_pattern(passenger_t, foreman_log_t, foreman_log_t)
|
||
# unfortunately rails does not only append but also read and write
|
||
rw_files_pattern(passenger_t, foreman_log_t, foreman_log_t)
|
||
')
|
||
')
|
||
|
||
... | ... | |
sysnet_read_config(websockify_t)
|
||
abrt_stream_connect(websockify_t)
|
||
|
||
######################################
|
||
#
|
||
# Elasticsearch
|
||
#
|
||
|
||
# We carry elasticsearch policy until it is delivered to RHEL6:
|
||
# https://bugzilla.redhat.com/show_bug.cgi?id=1102119
|
||
type elasticsearch_port_t;
|
||
corenet_port(elasticsearch_port_t)
|
||
|
||
######################################
|
||
#
|
||
# Foreman Katello plugin
|
||
#
|
||
|
||
# System status (ping) controller checks for service status using sysvinit scripts
|
||
# This is temporary solution until https://bugzilla.redhat.com/show_bug.cgi?id=1105085
|
||
# is fixed.
|
||
init_exec_script_files(passenger_t)
|
||
consoletype_exec(passenger_t)
|
||
|
||
# Katello does connect to Elasticsearch services
|
||
allow passenger_t elasticsearch_port_t:tcp_socket name_connect;
|
||
|
||
######################################
|
||
#
|
||
# Foreman Bootdisk plugin
|
Also available in: Unified diff
fixes #5930 - implement katello selinux policy