Revision 9554703f
Added by Lukas Zapletal almost 10 years ago
foreman-selinux-relabel | ||
---|---|---|
#!/bin/bash
|
||
|
||
# relabel foreman
|
||
/sbin/restorecon -rvvi /usr/share/foreman \
|
||
/sbin/restorecon -ri $* /usr/share/foreman \
|
||
/var/lib/foreman \
|
||
/var/run/foreman \
|
||
/var/log/foreman \
|
||
/etc/foreman \
|
||
/etc/puppet/node.rb \
|
||
/etc/sysconfig/foreman \
|
||
/etc/rc.d/init.d/foreman \
|
||
/etc/logrotate.d/foreman \
|
||
/etc/cron.d/foreman
|
||
/etc/sysconfig/foreman* \
|
||
/etc/rc.d/init.d/foreman* \
|
||
/etc/logrotate.d/foreman* \
|
||
/etc/cron.d/foreman* \
|
||
/usr/lib/ruby/gems/1.8/gems/passenger-* \
|
||
/usr/lib64/ruby/site_ruby/1.8/x86_64-linux/agents
|
||
|
||
# relabel SCL mod_passenger if found
|
||
[ -d /opt/rh/ruby193/ ] && /sbin/restorecon -rvvi \
|
||
# relabel SCL mod_passenger and foreman plugins if SCL is found
|
||
[ -d /opt/rh/ruby193/ ] && /sbin/restorecon -ri $* \
|
||
/opt/rh/ruby193/root/usr/share/gems/gems/passenger-* \
|
||
/opt/rh/ruby193/root/usr/lib64/gems/exts/passenger-*/agents \
|
||
/usr/lib/ruby/gems/1.8/gems/passenger-* \
|
||
/usr/lib64/ruby/site_ruby/1.8/x86_64-linux/agents
|
||
/opt/rh/ruby193/root/usr/share/gems/gems/foreman*
|
foreman.fc | ||
---|---|---|
# Foreman Hooks plugin
|
||
|
||
/usr/share/foreman/config/hooks(/.*)? gen_context(system_u:object_r:foreman_hook_t,s0)
|
||
|
||
# Foreman Tasks plugin
|
||
|
||
/usr/share/gems/gems/foreman-tasks-*/bin/foreman-tasks -- gen_context(system_u:object_r:foreman_tasks_exec_t,s0)
|
||
/opt/rh/ruby193/root/usr/share/gems/gems/foreman-tasks-.*/bin/foreman-tasks -- gen_context(system_u:object_r:foreman_tasks_exec_t,s0)
|
foreman.te | ||
---|---|---|
#
|
||
|
||
# no rules necessary
|
||
|
||
######################################
|
||
#
|
||
# Foreman Tasks plugin
|
||
#
|
||
|
||
# the plugin daemon uses daemon gem for the backround job
|
||
type foreman_tasks_exec_t;
|
||
init_daemon_domain(passenger_t, foreman_tasks_exec_t)
|
Also available in: Unified diff
Fixes #5870 - Foreman-tasks selinux policy added