trunk: add 3rd party interface for apache cgi.

Chris PeBenito 2007-07-26 19:48:40 +00:00
parent 63acaf59d7
commit 371d11ec04
3 changed files with 56 additions and 1 deletions


@ -1,3 +1,4 @@
- Add third-party interface for Apache CGI.
- Add getserv and shmemserv nscd permissions. - Add getserv and shmemserv nscd permissions.
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus. - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
- Added modules: - Added modules:


@ -985,6 +985,24 @@ interface(`apache_read_sys_content',`
read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t) read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
') ')
########################################
## <summary>
## Search apache system CGI directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`apache_search_sys_scripts',`
gen_require(`
type httpd_sys_content_t, httpd_sys_script_exec_t;
')
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
')
######################################## ########################################
## <summary> ## <summary>
## Search system script state directory. ## Search system script state directory.
@ -1002,3 +1020,39 @@ interface(`apache_search_sys_script_state',`
allow $1 httpd_sys_script_t:dir search_dir_perms; allow $1 httpd_sys_script_t:dir search_dir_perms;
') ')
########################################
## <summary>
## Execute CGI in the specified domain.
## </summary>
## <desc>
## <p>
## Execute CGI in the specified domain.
## </p>
## <p>
## This is an interface to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain run the cgi script in.
## </summary>
## </param>
## <param name="entrypoint">
## <summary>
## Type of the executable to enter the cgi domain.
## </summary>
## </param>
#
interface(`apache_cgi_domain',`
gen_require(`
type httpd_t, httpd_sys_script_exec_t;
')
domtrans_pattern(httpd_t, $2, $1)
apache_search_sys_scripts($1)
allow httpd_t $1:process signal;
')
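Review bot: The `gen_require` in `apache_cgi_domain` declares `httpd_sys_script_exec_t`, but no rule in the interface body uses that type; only `httpd_t` is referenced directly, and `apache_search_sys_scripts($1)` carries its own require, so the line can be trimmed to `type httpd_t;`. Separately, `domtrans_pattern(httpd_t, $2, $1)` makes every file labelled with the caller's entrypoint type a way for httpd_t to enter `$1`, and the `entrypoint` param summary should say so, e.g. `## Type of the CGI executables; httpd_t may enter the domain through any file with this type.` A policy author then knows to keep that label off anything httpd should not launch in the new domain. The `domain` summary also reads better as `## Domain to run the CGI script in.`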


@ -1,5 +1,5 @@
policy_module(apache,1.7.0) policy_module(apache,1.7.1)
# #
# NOTES: # NOTES: