pull in apache_admin() from fedora
parent
91550027de
commit
4be3e11094
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(webadm, 1.0.0)
|
policy_module(webadm, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -42,7 +42,7 @@ logging_send_syslog_msg(webadm_t)
|
|||||||
|
|
||||||
userdom_dontaudit_search_user_home_dirs(webadm_t)
|
userdom_dontaudit_search_user_home_dirs(webadm_t)
|
||||||
|
|
||||||
#apache_admin(webadm_t, webadm_r)
|
apache_admin(webadm_t, webadm_r)
|
||||||
|
|
||||||
tunable_policy(`webadm_manage_user_files',`
|
tunable_policy(`webadm_manage_user_files',`
|
||||||
userdom_manage_user_home_content_files(webadm_t)
|
userdom_manage_user_home_content_files(webadm_t)
|
||||||
|
@ -1040,3 +1040,68 @@ interface(`apache_cgi_domain',`
|
|||||||
|
|
||||||
allow httpd_t $1:process signal;
|
allow httpd_t $1:process signal;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## All of the rules required to administrate an apache environment
|
||||||
|
## </summary>
|
||||||
|
## <param name="prefix">
|
||||||
|
## <summary>
|
||||||
|
## Prefix of the domain. Example, user would be
|
||||||
|
## the prefix for the uder_t domain.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="role">
|
||||||
|
## <summary>
|
||||||
|
## Role allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <rolecap/>
|
||||||
|
#
|
||||||
|
interface(`apache_admin',`
|
||||||
|
gen_require(`
|
||||||
|
attribute httpdcontent;
|
||||||
|
attribute httpd_script_exec_type;
|
||||||
|
|
||||||
|
type httpd_t, httpd_config_t, httpd_log_t;
|
||||||
|
type httpd_modules_t, httpd_lock_t;
|
||||||
|
type httpd_var_run_t, httpd_php_tmp_t;
|
||||||
|
type httpd_suexec_tmp_t, httpd_tmp_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 httpd_t:process { getattr ptrace signal_perms };
|
||||||
|
ps_process_pattern($1, httpd_t)
|
||||||
|
|
||||||
|
apache_manage_all_content($1)
|
||||||
|
miscfiles_manage_public_files($1)
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
|
admin_pattern($1, httpd_config_t)
|
||||||
|
|
||||||
|
logging_search_logs($1)
|
||||||
|
admin_pattern($1, httpd_log_t)
|
||||||
|
|
||||||
|
admin_pattern($1, httpd_modules_t)
|
||||||
|
|
||||||
|
admin_pattern($1, httpd_lock_t)
|
||||||
|
files_lock_filetrans($1, httpd_lock_t, file)
|
||||||
|
|
||||||
|
admin_pattern($1, httpd_var_run_t)
|
||||||
|
files_pid_filetrans($1, httpd_var_run_t, file)
|
||||||
|
|
||||||
|
kernel_search_proc($1)
|
||||||
|
allow $1 httpd_t:dir list_dir_perms;
|
||||||
|
|
||||||
|
read_lnk_files_pattern($1, httpd_t, httpd_t)
|
||||||
|
|
||||||
|
admin_pattern($1, httpdcontent)
|
||||||
|
admin_pattern($1, httpd_script_exec_type)
|
||||||
|
admin_pattern($1, httpd_tmp_t)
|
||||||
|
admin_pattern($1, httpd_php_tmp_t)
|
||||||
|
admin_pattern($1, httpd_suexec_tmp_t)
|
||||||
|
')
|
||||||
|
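Review bot: The doc block for `apache_admin` declares three parameters (prefix, domain, role), but the body only references `$1`, uses it as the administering domain, and the caller in the webadm hunk passes two arguments, `apache_admin(webadm_t, webadm_r)`. The first documented parameter therefore describes something the interface does not take, and the role argument is accepted but never used, so a reader cannot tell from the docs what `$1` and `$2` mean. I would drop the `<param name="prefix">` block (it also carries the typo `uder_t`) and either put `$2` to use or document it as currently unused. Separately, `allow $1 httpd_t:process { getattr ptrace signal_perms };` lets the admin domain read and alter the server process's memory. If signalling plus the `ps_process_pattern` visibility is all the role needs, `ptrace` could be left out or placed behind a tunable.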
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(apache, 2.0.2)
|
policy_module(apache, 2.0.3)
|
||||||
|
|
||||||
#
|
#
|
||||||
# NOTES:
|
# NOTES:
|
||||||
|