trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
This commit is contained in:
parent
5fe7de9ea9
commit
e311e23a44
@ -1,3 +1,5 @@
|
||||
- Fix httpd_enable_homedirs to actually provide the access it is supposed to
|
||||
provide.
|
||||
- Add unused interface/template parameter metadata in XML.
|
||||
- Patch to handle postfix data_directory from Vaclav Ovsik.
|
||||
- SE-Postgresql policy from KaiGai Kohei.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(apache, 1.9.3)
|
||||
policy_module(apache, 1.9.4)
|
||||
|
||||
#
|
||||
# NOTES:
|
||||
@ -394,6 +394,10 @@ tunable_policy(`httpd_enable_ftp_server',`
|
||||
corenet_tcp_bind_ftp_port(httpd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs',`
|
||||
userdom_read_unpriv_users_home_content_files(httpd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
|
||||
fs_read_nfs_files(httpd_t)
|
||||
fs_read_nfs_symlinks(httpd_t)
|
||||
@ -634,6 +638,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
|
||||
domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs',`
|
||||
userdom_read_unpriv_users_home_content_files(httpd_suexec_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
|
||||
fs_read_nfs_files(httpd_suexec_t)
|
||||
fs_read_nfs_symlinks(httpd_suexec_t)
|
||||
@ -688,6 +696,10 @@ ifdef(`distro_redhat',`
|
||||
allow httpd_sys_script_t httpd_log_t:file { getattr append };
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs',`
|
||||
userdom_read_unpriv_users_home_content_files(httpd_sys_script_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
|
||||
fs_read_nfs_files(httpd_sys_script_t)
|
||||
fs_read_nfs_symlinks(httpd_sys_script_t)
|
||||
|
Loading…
Reference in New Issue
Block a user