Revision b13ec514
Added by Lukas Zapletal almost 10 years ago
| foreman.te | ||
|---|---|---|
|
type foreman_var_run_t;
|
||
|
files_pid_file(foreman_var_run_t)
|
||
|
|
||
|
type foreman_proxy_port_t;
|
||
|
corenet_port(foreman_proxy_port_t)
|
||
|
|
||
|
require{
|
||
|
type bin_t;
|
||
|
type httpd_t;
|
||
| ... | ... | |
|
type puppetmaster_exec_t;
|
||
|
type puppetmaster_t;
|
||
|
type sysctl_net_t;
|
||
|
type websm_port_t;
|
||
|
}
|
||
|
|
||
|
#######################################
|
||
| ... | ... | |
|
|
||
|
miscfiles_read_localization(passenger_t)
|
||
|
|
||
|
# Allow Foreman to connect to Foreman Proxy on port 9090 (Katello)
|
||
|
allow passenger_t websm_port_t:tcp_socket name_connect;
|
||
|
|
||
|
# Allow Foreman to connect to Foreman Proxy on a defined port
|
||
|
allow passenger_t foreman_proxy_port_t:tcp_socket name_connect;
|
||
|
|
||
|
# Allow Foreman to connect to PostgreSQL
|
||
|
corenet_tcp_connect_postgresql_port(passenger_t)
|
||
|
optional_policy(`
|
||
Also available in: Unified diff
Fixes #5827 - Allowed port 9090 and new foreman_proxy_port_t introduced