trunk: add 3rd party interface for apache cgi.
This commit is contained in:
parent
63acaf59d7
commit
371d11ec04
@ -1,3 +1,4 @@
|
||||
- Add third-party interface for Apache CGI.
|
||||
- Add getserv and shmemserv nscd permissions.
|
||||
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
|
||||
- Added modules:
|
||||
|
@ -985,6 +985,24 @@ interface(`apache_read_sys_content',`
|
||||
read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search apache system CGI directories.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`apache_search_sys_scripts',`
|
||||
gen_require(`
|
||||
type httpd_sys_content_t, httpd_sys_script_exec_t;
|
||||
')
|
||||
|
||||
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search system script state directory.
|
||||
@ -1002,3 +1020,39 @@ interface(`apache_search_sys_script_state',`
|
||||
|
||||
allow $1 httpd_sys_script_t:dir search_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute CGI in the specified domain.
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Execute CGI in the specified domain.
|
||||
## </p>
|
||||
## <p>
|
||||
## This is an interface to support third party modules
|
||||
## and its use is not allowed in upstream reference
|
||||
## policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain run the cgi script in.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="entrypoint">
|
||||
## <summary>
|
||||
## Type of the executable to enter the cgi domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`apache_cgi_domain',`
|
||||
gen_require(`
|
||||
type httpd_t, httpd_sys_script_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern(httpd_t, $2, $1)
|
||||
apache_search_sys_scripts($1)
|
||||
|
||||
allow httpd_t $1:process signal;
|
||||
')
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(apache,1.7.0)
|
||||
policy_module(apache,1.7.1)
|
||||
|
||||
#
|
||||
# NOTES:
|
||||
|
Loading…
Reference in New Issue
Block a user