Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
commit
596d86ad6c
@ -106,8 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t)
|
|||||||
sysnet_manage_config(vpnc_t)
|
sysnet_manage_config(vpnc_t)
|
||||||
|
|
||||||
userdom_use_all_users_fds(vpnc_t)
|
userdom_use_all_users_fds(vpnc_t)
|
||||||
userdom_dontaudit_search_user_home_content(vpnc_t)
|
|
||||||
userdom_read_home_certs(vpnc_t)
|
userdom_read_home_certs(vpnc_t)
|
||||||
|
userdom_search_admin_dir(vpnc_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client(vpnc_t)
|
dbus_system_bus_client(vpnc_t)
|
||||||
|
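--- a/policy/modules/apps/mediawiki.fc
+++ b/policy/modules/apps/mediawiki.fc
@@ -0,0 +1,10 @@
+
+/usr/lib(64)?/mediawiki/math/texvc -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+/usr/lib(64)?/mediawiki/math/texvc_tex -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+/usr/lib(64)?/mediawiki/math/texvc_tes -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+
+/var/www/wiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_rw_content_t,s0)
+
+/var/www/wiki/.*\.php -- gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
+
+/usr/share/mediawiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)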
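Review bot: The third entry, `/usr/lib(64)?/mediawiki/math/texvc_tes`, looks like a truncated `texvc_test`; if so, the pattern matches no installed file and that helper keeps its default label instead of `httpd_mediawiki_script_exec_t`. Confirm the name against the package's file list before merging. Separately, `/var/www/wiki(/.*)?` labels the whole tree `httpd_mediawiki_rw_content_t` and only regular files matching `.*\.php` are carved back out as `httpd_mediawiki_content_t`, so every other file under the docroot presumably stays writable by the script domain. If only uploads and caches need write access, labelling just those subdirectories as rw content would be the tighter default.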
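--- a/policy/modules/apps/mediawiki.if
+++ b/policy/modules/apps/mediawiki.if
@@ -0,0 +1,40 @@
+## <summary>Mediawiki policy</summary>
+
+#######################################
+## <summary>
+## Allow the specified domain to read
+## mediawiki tmp files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mediawiki_read_tmp_files',`
+gen_require(`
+type httpd_mediawiki_tmp_t;
+')
+
+files_search_tmp($1)
+read_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+read_lnk_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
+
+#######################################
+## <summary>
+## Delete mediawiki tmp files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mediawiki_delete_tmp_files',`
+gen_require(`
+type httpd_mediawiki_tmp_t;
+')
+
+delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')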
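Review bot: `mediawiki_delete_tmp_files` omits the `files_search_tmp($1)` call that `mediawiki_read_tmp_files` makes, so the two interfaces are not self-contained in the same way. A caller that uses only the delete interface has to get search access to the tmp directory from somewhere else. Adding `files_search_tmp($1)` before the `delete_files_pattern(...)` line would make the pair consistent. The delete interface's summary could also follow the wording of the read one, e.g. `## Allow the specified domain to delete mediawiki tmp files.`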
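--- a/policy/modules/apps/mediawiki.te
+++ b/policy/modules/apps/mediawiki.te
@@ -0,0 +1,35 @@
+
+policy_module(mediawiki, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+apache_content_template(mediawiki)
+
+type httpd_mediawiki_tmp_t;
+files_tmp_file(httpd_mediawiki_tmp_t)
+
+permissive httpd_mediawiki_script_t;
+
+########################################
+#
+# mediawiki local policy
+#
+
+manage_dirs_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_lnk_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+files_tmp_filetrans(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, { file dir lnk_file })
+
+files_search_var_lib(httpd_mediawiki_script_t)
+
+userdom_read_user_tmp_files(httpd_mediawiki_script_t)
+
+miscfiles_read_tetex_data(httpd_mediawiki_script_t)
+
+optional_policy(`
+apache_dontaudit_rw_tmp_files(httpd_mediawiki_script_t)
+')
+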
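Review bot: `permissive httpd_mediawiki_script_t;` leaves the new script domain unenforced, so the rules in the "mediawiki local policy" section only shape audit output and the MediaWiki scripts run without SELinux confinement. If this is a bring-up aid, say so next to the statement, e.g. `# permissive while AVCs are collected; remove before enforcing release`, so that it is tracked and not shipped indefinitely. Once the domain is enforcing, `userdom_read_user_tmp_files(httpd_mediawiki_script_t)` would let an Apache script domain read users' temporary files. A comment naming the feature that needs this, or dropping the rule if none does, would make the grant reviewable.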
@ -273,6 +273,7 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/share/texmf/texconfig/tcfmgr -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
|
@ -718,6 +718,11 @@ optional_policy(`
|
|||||||
mailman_read_archive(httpd_t)
|
mailman_read_archive(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
mediawiki_read_tmp_files(httpd_t)
|
||||||
|
mediawiki_delete_tmp_files(httpd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
# Allow httpd to work with mysql
|
# Allow httpd to work with mysql
|
||||||
mysql_read_config(httpd_t)
|
mysql_read_config(httpd_t)
|
||||||
|
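Review bot: The new `optional_policy` block calling `mediawiki_read_tmp_files(httpd_t)` and `mediawiki_delete_tmp_files(httpd_t)` has no comment, unlike the mysql block right after it (`# Allow httpd to work with mysql`). It gives the main server domain, not just the MediaWiki script domain, read and delete access to `httpd_mediawiki_tmp_t` files. A one-line comment inside the block stating why `httpd_t` itself needs delete would let a later reviewer judge whether the grant can be narrowed. The file this hunk belongs to is not named on the page.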