trunk: add 3rd party interface for apache cgi.
This commit is contained in:
parent
63acaf59d7
commit
371d11ec04
@ -1,3 +1,4 @@
|
|||||||
|
- Add third-party interface for Apache CGI.
|
||||||
- Add getserv and shmemserv nscd permissions.
|
- Add getserv and shmemserv nscd permissions.
|
||||||
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
|
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
|
||||||
- Added modules:
|
- Added modules:
|
||||||
|
@ -985,6 +985,24 @@ interface(`apache_read_sys_content',`
|
|||||||
read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
|
read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Search apache system CGI directories.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`apache_search_sys_scripts',`
|
||||||
|
gen_require(`
|
||||||
|
type httpd_sys_content_t, httpd_sys_script_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search system script state directory.
|
## Search system script state directory.
|
||||||
@ -1002,3 +1020,39 @@ interface(`apache_search_sys_script_state',`
|
|||||||
|
|
||||||
allow $1 httpd_sys_script_t:dir search_dir_perms;
|
allow $1 httpd_sys_script_t:dir search_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute CGI in the specified domain.
|
||||||
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Execute CGI in the specified domain.
|
||||||
|
## </p>
|
||||||
|
## <p>
|
||||||
|
## This is an interface to support third party modules
|
||||||
|
## and its use is not allowed in upstream reference
|
||||||
|
## policy.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain run the cgi script in.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="entrypoint">
|
||||||
|
## <summary>
|
||||||
|
## Type of the executable to enter the cgi domain.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`apache_cgi_domain',`
|
||||||
|
gen_require(`
|
||||||
|
type httpd_t, httpd_sys_script_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domtrans_pattern(httpd_t, $2, $1)
|
||||||
|
apache_search_sys_scripts($1)
|
||||||
|
|
||||||
|
allow httpd_t $1:process signal;
|
||||||
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(apache,1.7.0)
|
policy_module(apache,1.7.1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# NOTES:
|
# NOTES:
|
||||||
|
Loading…
Reference in New Issue
Block a user