add missing interface
This commit is contained in:
Chris PeBenito
parent
be4690a5ae
commit
4c71994852
@ -360,6 +360,7 @@ optional_policy(`mta.te',`
|
|||||||
|
|
||||||
optional_policy(`mysql.te',`
|
optional_policy(`mysql.te',`
|
||||||
mysql_stream_connect(httpd_t)
|
mysql_stream_connect(httpd_t)
|
||||||
|
mysql_rw_db_socket(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis.te',`
|
optional_policy(`nis.te',`
|
||||||
@ -389,16 +390,6 @@ allow httpd_t home_root_t:dir getattr;
|
|||||||
dontaudit httpd_t sysadm_home_dir_t:dir getattr;
|
dontaudit httpd_t sysadm_home_dir_t:dir getattr;
|
||||||
allow httpd_sys_script_t var_spool_t:dir getattr;
|
allow httpd_sys_script_t var_spool_t:dir getattr;
|
||||||
|
|
||||||
optional_policy(`mysql.te',`
|
|
||||||
allow httpd_t mysqld_db_t:dir search;
|
|
||||||
allow httpd_t mysqld_db_t:sock_file rw_file_perms;
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`mysql.te',`
|
|
||||||
allow httpd_sys_script_t mysqld_db_t:dir search;
|
|
||||||
allow httpd_sys_script_t mysqld_db_t:sock_file rw_file_perms;
|
|
||||||
')
|
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
if (httpd_enable_homedirs) {
|
if (httpd_enable_homedirs) {
|
||||||
allow httpd_t user_home_dir_t:dir { getattr search };
|
allow httpd_t user_home_dir_t:dir { getattr search };
|
||||||
@ -615,6 +606,7 @@ ifdef(`distro_redhat',`
|
|||||||
|
|
||||||
optional_policy(`mysql.te',`
|
optional_policy(`mysql.te',`
|
||||||
mysql_stream_connect(httpd_sys_script_t)
|
mysql_stream_connect(httpd_sys_script_t)
|
||||||
|
mysql_rw_db_socket(httpd_sys_script_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|||||||
@ -11,7 +11,6 @@
|
|||||||
interface(`mysql_signal',`
|
interface(`mysql_signal',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_t;
|
type mysqld_t;
|
||||||
class process signal;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 mysqld_t:process signal;
|
allow $1 mysqld_t:process signal;
|
||||||
@ -28,9 +27,6 @@ interface(`mysql_signal',`
|
|||||||
interface(`mysql_stream_connect',`
|
interface(`mysql_stream_connect',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_t, mysqld_var_run_t;
|
type mysqld_t, mysqld_var_run_t;
|
||||||
class unix_stream_socket connectto;
|
|
||||||
class dir search;
|
|
||||||
class sock_file write;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 mysqld_var_run_t:dir search;
|
allow $1 mysqld_var_run_t:dir search;
|
||||||
@ -49,9 +45,6 @@ interface(`mysql_stream_connect',`
|
|||||||
interface(`mysql_read_config',`
|
interface(`mysql_read_config',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_etc_t;
|
type mysqld_etc_t;
|
||||||
class dir { getattr read search };
|
|
||||||
class file { read getattr };
|
|
||||||
class lnk_file { getattr read };
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 mysqld_etc_t:dir { getattr read search };
|
allow $1 mysqld_etc_t:dir { getattr read search };
|
||||||
@ -73,7 +66,6 @@ interface(`mysql_read_config',`
|
|||||||
interface(`mysql_search_db_dir',`
|
interface(`mysql_search_db_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
class dir search;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
@ -91,7 +83,6 @@ interface(`mysql_search_db_dir',`
|
|||||||
interface(`mysql_rw_db_dir',`
|
interface(`mysql_rw_db_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
class rw_dir_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
@ -109,13 +100,31 @@ interface(`mysql_rw_db_dir',`
|
|||||||
interface(`mysql_manage_db_dir',`
|
interface(`mysql_manage_db_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysql_db_t;
|
type mysql_db_t;
|
||||||
class create_dir_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
allow $1 mysqld_db_t:dir create_dir_perms;
|
allow $1 mysqld_db_t:dir create_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read and write to the MySQL database
|
||||||
|
## named socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## Domain allowed access.
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`mysql_rw_db_socket',`
|
||||||
|
gen_require(`
|
||||||
|
type mysqld_db_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
|
allow $1 mysqld_db_t:dir search;
|
||||||
|
allow $1 mysqld_db_t:sock_file rw_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Write to the MySQL log.
|
## Write to the MySQL log.
|
||||||
@ -127,7 +136,6 @@ interface(`mysql_manage_db_dir',`
|
|||||||
interface(`mysql_write_log',`
|
interface(`mysql_write_log',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_log_t;
|
type mysqld_log_t;
|
||||||
class file { write append setattr ioctl };
|
|
||||||
')
|
')
|
||||||
|
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user