add gitosis from miroslav grepl.
parent
634a13c21f
commit
dbed95369c
@ -9,6 +9,7 @@
|
||||
- Handle unix_chkpwd usage by useradd and groupadd.
|
||||
- Add missing compatibility aliases for xdm_xserver*_t types.
|
||||
- Added modules:
|
||||
gitosis (Miroslav Grepl)
|
||||
hddtemp (Dan Walsh)
|
||||
kdump (Dan Walsh)
|
||||
shorewall (Dan Walsh)
|
||||
|
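--- /dev/null
+++ b/policy/modules/apps/gitosis.fc
@@ -0,0 +1,3 @@
+/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)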
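--- /dev/null
+++ b/policy/modules/apps/gitosis.if
@@ -0,0 +1,45 @@
+## <summary>Tools for managing and hosting git repositories.</summary>
+
+#######################################
+## <summary>
+## Execute a domain transition to run gitosis.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`gitosis_domtrans',`
+gen_require(`
+type gitosis_t, gitosis_exec_t;
+')
+
+domtrans_pattern($1, gitosis_exec_t, gitosis_t)
+')
+
+#######################################
+## <summary>
+## Execute gitosis-serve in the gitosis domain, and
+## allow the specified role the gitosis domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+#
+interface(`gitosis_run',`
+gen_require(`
+type gitosis_t;
+')
+
+gitosis_domtrans($1)
+role $2 types gitosis_t;
+')
+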
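Review bot: The gitosis_run header lacks the `## <rolecap/>` tag that refpolicy puts on interfaces which add a type to a role, and its first parameter is described as "Domain allowed access" although the interface grants a domain transition. I would change that summary to `## Domain allowed to transition.` and add `## <rolecap/>` after the last `## </param>`, so the role grant stands out when someone audits the callers. No code change is needed in either interface body.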
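--- /dev/null
+++ b/policy/modules/apps/gitosis.te
@@ -0,0 +1,37 @@
+
+policy_module(gitosis, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type gitosis_t;
+type gitosis_exec_t;
+application_domain(gitosis_t, gitosis_exec_t)
+role system_r types gitosis_t;
+
+type gitosis_var_lib_t;
+files_type(gitosis_var_lib_t)
+
+########################################
+#
+# gitosis local policy
+#
+
+allow gitosis_t self:fifo_file rw_fifo_file_perms;
+
+exec_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
+
+corecmd_exec_bin(gitosis_t)
+corecmd_exec_shell(gitosis_t)
+
+kernel_read_system_state(gitosis_t)
+
+files_read_usr_files(gitosis_t)
+files_search_var_lib(gitosis_t)
+
+miscfiles_read_localization(gitosis_t)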
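Review bot: gitosis_t is given both `manage_files_pattern` and `exec_files_pattern` on gitosis_var_lib_t, so every file the domain can create or modify under /var/lib/gitosis it can also execute, and `corecmd_exec_shell` is allowed alongside. This is presumably there for the hook scripts kept inside the managed repositories, but the policy does not say so; a comment such as `# gitosis executes hook scripts stored in the repositories it manages` above the exec rule would record the reason. If hooks are the only executables needed, labelling them with a separate type would let write and execute access be split, which is worth a follow-up. As far as the files in this commit show, nothing calls gitosis_domtrans or gitosis_run yet, so no caller domain actually enters gitosis_t.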