add gitosis from miroslav grepl.

2009-09-03 09:52:08 -04:00 · 2009-09-03 09:52:08 -04:00 · dbed95369c
parent 634a13c21f
commit dbed95369c
4 changed files with 86 additions and 0 deletions
--- a/1
+++ b/1
@ -9,6 +9,7 @@
 - Handle unix_chkpwd usage by useradd and groupadd.
 - Add missing compatibility aliases for xdm_xserver*_t types.
 - Added modules:
+	gitosis (Miroslav Grepl)
 	hddtemp (Dan Walsh)
 	kdump (Dan Walsh)
 	shorewall (Dan Walsh)
--- a/policy/modules/apps/gitosis.fc
+++ b/policy/modules/apps/gitosis.fc
@ -0,0 +1,3 @@
+/usr/bin/gitosis-serve			--	gen_context(system_u:object_r:gitosis_exec_t,s0)
+
+/var/lib/gitosis(/.*)?				gen_context(system_u:object_r:gitosis_var_lib_t,s0)
--- a/policy/modules/apps/gitosis.if
+++ b/policy/modules/apps/gitosis.if
@ -0,0 +1,45 @@
+## <summary>Tools for managing and hosting git repositories.</summary>
+
+#######################################
+## <summary>
+##	Execute a domain transition to run gitosis.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`gitosis_domtrans',`
+	gen_require(`
+		type gitosis_t, gitosis_exec_t;
+	')
+
+	domtrans_pattern($1, gitosis_exec_t, gitosis_t)
+')
+
+#######################################
+## <summary>
+##	Execute gitosis-serve in the gitosis domain, and
+##	allow the specified role the gitosis domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+interface(`gitosis_run',`
+	gen_require(`
+		type gitosis_t;
+	')
+
+	gitosis_domtrans($1)
+	role $2 types gitosis_t;
+')
+
--- a/policy/modules/apps/gitosis.te
+++ b/policy/modules/apps/gitosis.te
@ -0,0 +1,37 @@
+
+policy_module(gitosis, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type gitosis_t;
+type gitosis_exec_t;
+application_domain(gitosis_t, gitosis_exec_t)
+role system_r types gitosis_t;
+
+type gitosis_var_lib_t;
+files_type(gitosis_var_lib_t)
+
+########################################
+#
+# gitosis local policy
+#
+
+allow gitosis_t self:fifo_file rw_fifo_file_perms;
+
+exec_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+
+corecmd_exec_bin(gitosis_t) 
+corecmd_exec_shell(gitosis_t)
+
+kernel_read_system_state(gitosis_t)
+
+files_read_usr_files(gitosis_t)
+files_search_var_lib(gitosis_t)
+
+miscfiles_read_localization(gitosis_t)