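policy_module(passanger, 1.0.0)
# NOTE(review): the module name is spelled "passanger" while every type below
# is "passenger_*"; refpolicy expects the module name to match the .te file
# name, so confirm the file name and correct whichever side is wrong.

########################################
#
# Declarations
#

# Domain for the Passenger processes and the entry-point executable type
# that transitions into it. The domain runs in the system_r role only.
type passenger_t;
type passenger_exec_t;
domain_type(passenger_t)
domain_entry_file(passenger_t, passenger_exec_t)
role system_r types passenger_t;

# Temporary files.
# NOTE(review): nothing in this module grants passenger_t access to
# passenger_tmp_t or transitions into it; confirm whether tmp rules were
# meant to be here or the type is currently unused.
type passenger_tmp_t;
files_tmp_file(passenger_tmp_t)

# Persistent state under /var/lib.
type passenger_var_lib_t;
files_type(passenger_var_lib_t)

# PID files, directories and sockets under /var/run.
type passenger_var_run_t;
files_pid_file(passenger_var_run_t)

# Permissive mode: denials for passenger_t are logged (AVC) but not
# enforced, so none of the rules below actually confines the domain yet.
# Intended for policy development; remove this line before relying on the
# module for containment, after reviewing the audit log for missing rules.
permissive passenger_t;

########################################
#
# passenger local policy
#

# dac_override bypasses discretionary file-permission checks outright;
# chown/fowner/fsetid/setuid/setgid are the privilege-dropping and
# ownership capabilities. Keep this set as small as the service allows.
allow passenger_t self:capability { dac_override fsetid fowner chown setuid setgid };
allow passenger_t self:process signal;
allow passenger_t self:fifo_file rw_fifo_file_perms;
# connectto permits connecting to unix stream sockets held by this same domain.
allow passenger_t self:unix_stream_socket { create_stream_socket_perms connectto };

# /var/lib state: create/read/write/delete on directories and files.
files_search_var_lib(passenger_t)
manage_dirs_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)
manage_files_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)

# /var/run state: directories, files, fifos and sockets, plus a type
# transition so dirs, files and sock_files created in the pid directory
# are labelled passenger_var_run_t (fifo_files are not covered by the
# transition and would inherit the parent directory's type).
manage_dirs_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
manage_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
manage_fifo_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
manage_sock_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
files_pid_filetrans(passenger_t, passenger_var_run_t, { file dir sock_file })

# Read-only access to kernel state and kernel sysctls.
kernel_read_system_state(passenger_t)
kernel_read_kernel_sysctls(passenger_t)

# Outbound TCP to http ports; this module grants no bind/listen rules.
corenet_tcp_connect_http_port(passenger_t)

# Execute system binaries and a shell. Shell execution widens what the
# domain can launch considerably; confirm it is actually required.
corecmd_exec_bin(passenger_t)
corecmd_exec_shell(passenger_t)

# Random bytes from /dev/urandom.
dev_read_urand(passenger_t)

# Read generic files in /etc.
files_read_etc_files(passenger_t)

# Name-service lookups via nsswitch.
auth_use_nsswitch(passenger_t)

# Locale data.
miscfiles_read_localization(passenger_t)

# Silence, rather than grant, access to user terminals.
userdom_dontaudit_use_user_terminals(passenger_t)

# Only when the apache module is loaded: append to httpd logs and read
# httpd system content.
optional_policy(`
	apache_append_log(passenger_t)
	apache_read_sys_content(passenger_t)
')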