Revision 121d1aa7
Added by Lukas Zapletal about 9 years ago
foreman.fc | ||
---|---|---|
|
||
/usr/share/foreman/.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
|
||
/usr/share/foreman/extras/noVNC/websockify\.py gen_context(system_u:object_r:websockify_exec_t,s0)
|
||
/usr/share/foreman/script(/.*)? gen_context(system_u:object_r:httpd_foreman_script_exec_t,s0)
|
||
|
||
# Passenger non-SCL file contexts
|
||
|
foreman.te | ||
---|---|---|
## </desc>
|
||
gen_tunable(passenger_can_connect_smtp, true)
|
||
|
||
# define types for foreman scripts
|
||
apache_content_template(foreman)
|
||
|
||
# Some basic aliases for different aspects of the filesystem to make things
|
||
# more clear.
|
||
require{
|
||
... | ... | |
files_type(foreman_lib_t)
|
||
|
||
type foreman_log_t;
|
||
typealias foreman_log_t alias httpd_foreman_script_log_t;
|
||
logging_log_file(foreman_log_t)
|
||
|
||
type foreman_var_run_t;
|
||
... | ... | |
type websm_port_t;
|
||
}
|
||
|
||
#######################################
|
||
#
|
||
# Foreman local policy
|
||
#
|
||
|
||
manage_dirs_pattern(httpd_foreman_script_t, foreman_lib_t , foreman_lib_t)
|
||
manage_dirs_pattern(httpd_foreman_script_t, foreman_lib_t , foreman_lib_t)
|
||
|
||
manage_files_pattern(httpd_foreman_script_t, foreman_log_t , foreman_log_t)
|
||
|
||
manage_files_pattern(httpd_foreman_script_t, foreman_var_run_t , foreman_var_run_t)
|
||
|
||
files_read_etc_files(httpd_foreman_script_t)
|
||
|
||
logging_send_syslog_msg(httpd_foreman_script_t)
|
||
|
||
miscfiles_read_localization(httpd_foreman_script_t)
|
||
|
||
#######################################
|
||
#
|
||
# Passanger/httpd local policy
|
||
... | ... | |
')
|
||
')
|
||
|
||
optional_policy(`
|
||
tunable_policy(`passenger_run_foreman', `
|
||
read_files_pattern(passenger_t, httpd_foreman_script_exec_t, httpd_foreman_script_exec_t)
|
||
read_lnk_files_pattern(passenger_t, httpd_foreman_script_exec_t, httpd_foreman_script_exec_t)
|
||
manage_files_pattern(passenger_t, foreman_log_t , foreman_log_t)
|
||
')
|
||
')
|
||
|
||
optional_policy(`
|
||
tunable_policy(`passenger_run_foreman', `
|
||
allow passenger_t self:process getsession;
|
||
... | ... | |
manage_dirs_pattern(passenger_t, httpd_tmp_t, httpd_tmp_t)
|
||
manage_files_pattern(passenger_t, httpd_tmp_t, httpd_tmp_t)
|
||
manage_sock_files_pattern(passenger_t, httpd_tmp_t, httpd_tmp_t)
|
||
manage_files_pattern(passenger_t, foreman_log_t , foreman_log_t)
|
||
')
|
||
|
||
optional_policy(`
|
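Review bot: `manage_files_pattern(passenger_t, foreman_log_t , foreman_log_t)` in the `passenger_run_foreman` block (next to the `httpd_tmp_t` rules) gives passenger_t write, rename and unlink on the Foreman logs, so a compromised application process could truncate or delete its own log trail. If Passenger only needs to create and append to these files, `create_files_pattern(passenger_t, foreman_log_t, foreman_log_t)` plus `append_files_pattern(passenger_t, foreman_log_t, foreman_log_t)` would be tighter; confirm how the application opens its logs before narrowing. The page has lost its +/- markers, so which copy of the rule is the new one is inferred, and the enclosing `optional_policy` blocks begin and end outside the visible lines. Separately, if the `/usr/share/foreman/script(/.*)?` entry in foreman.fc is among the removals, files on upgraded hosts will need a relabel once the `httpd_foreman_script_*` types are gone.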
Fixes #9791 - removed unused apache_template macro and types