cobbler patch from Dan Walsh

2010-05-07 10:09:07 -04:00 · 2010-05-07 10:09:07 -04:00 · a2524cfa77
commit a2524cfa77
parent fb3fc9e4f0
2 changed files with 15 additions and 1 deletions
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@ -173,9 +173,11 @@ interface(`cobblerd_admin',`
 	files_list_var_lib($1)
 	admin_pattern($1, cobbler_var_lib_t)

-	files_search_var_log($1)
+	logging_search_logs($1)
 	admin_pattern($1, cobbler_var_log_t)

+	admin_pattern($1, httpd_cobbler_content_rw_t)
+
 	cobblerd_initrc_domtrans($1)
 	domain_system_change_exemption($1)
 	role_transition $2 cobblerd_initrc_exec_t system_r;
--- a/policy/modules/services/cobbler.te
+++ b/policy/modules/services/cobbler.te
@ -40,6 +40,7 @@ allow cobblerd_t self:process { getsched setsched signal };
 allow cobblerd_t self:fifo_file rw_fifo_file_perms;
 allow cobblerd_t self:tcp_socket create_stream_socket_perms;

+list_dirs_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)
 read_files_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)

 manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
@ -68,6 +69,8 @@ corenet_tcp_sendrecv_generic_port(cobblerd_t)

 dev_read_urand(cobblerd_t)

+# read /etc/nsswitch.conf
+files_read_etc_files(cobblerd_t)
 files_read_usr_files(cobblerd_t)
 files_list_boot(cobblerd_t)
 files_list_tmp(cobblerd_t)
@ -119,3 +122,12 @@ optional_policy(`
 optional_policy(`
 	tftp_manage_rw_content(cobblerd_t)
 ')
+
+########################################
+#
+# Cobbler web local policy.
+#
+
+apache_content_template(cobbler)
+manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t,  httpd_cobbler_content_rw_t)
+manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t,  httpd_cobbler_content_rw_t)