Added a file context for httpd.pid so that it is correctly labeled
Added some rules to mysql to make it work
parent
60de986a0c
commit
f8964c04ba
@ -53,6 +53,7 @@ ifdef(`distro_debian', `
|
|||||||
|
|
||||||
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
|
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||||
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
|
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||||
|
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||||
|
|
||||||
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
|
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
|
||||||
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
|
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
|
||||||
|
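Review bot: The added entry `/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)` is a prefix match with no file-type specifier, so it labels every object whose path begins with /var/run/httpd, not only the httpd.pid file named in the commit message. This mirrors the existing `/var/run/apache.*` line, but if only the PID file is meant, a narrower entry such as `/var/run/httpd\.pid -- gen_context(system_u:object_r:httpd_var_run_t,s0)` keeps unrelated files out of httpd_var_run_t. If the broad match is intentional, a short comment above the entry saying what else it is expected to cover would help the next reviewer.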
@ -32,7 +32,7 @@ files_tmp_file(mysqld_tmp_t)
|
|||||||
|
|
||||||
allow mysqld_t self:capability { dac_override setgid setuid };
|
allow mysqld_t self:capability { dac_override setgid setuid };
|
||||||
dontaudit mysqld_t self:capability sys_tty_config;
|
dontaudit mysqld_t self:capability sys_tty_config;
|
||||||
allow mysqld_t self:process { setsched getsched };
|
allow mysqld_t self:process { setsched getsched signal_perms };
|
||||||
allow mysqld_t self:fifo_file { read write };
|
allow mysqld_t self:fifo_file { read write };
|
||||||
allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
|
allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
|
||||||
allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
|
allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
@ -52,6 +52,7 @@ allow mysqld_t mysqld_tmp_t:dir create_dir_perms;
|
|||||||
allow mysqld_t mysqld_tmp_t:file create_file_perms;
|
allow mysqld_t mysqld_tmp_t:file create_file_perms;
|
||||||
files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir })
|
files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir })
|
||||||
|
|
||||||
|
allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;
|
||||||
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
|
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
|
||||||
allow mysqld_t mysqld_var_run_t:file create_file_perms;
|
allow mysqld_t mysqld_var_run_t:file create_file_perms;
|
||||||
files_create_pid(mysqld_t,mysqld_var_run_t)
|
files_create_pid(mysqld_t,mysqld_var_run_t)
|
||||||
@ -85,7 +86,9 @@ domain_use_wide_inherit_fd(mysqld_t)
|
|||||||
|
|
||||||
files_getattr_var_lib_dir(mysqld_t)
|
files_getattr_var_lib_dir(mysqld_t)
|
||||||
files_read_etc_runtime_files(mysqld_t)
|
files_read_etc_runtime_files(mysqld_t)
|
||||||
|
files_read_etc_files(mysqld_t)
|
||||||
files_read_usr_files(mysqld_t)
|
files_read_usr_files(mysqld_t)
|
||||||
|
files_search_var_lib(mysqld_t)
|
||||||
|
|
||||||
init_use_fd(mysqld_t)
|
init_use_fd(mysqld_t)
|
||||||
init_use_script_pty(mysqld_t)
|
init_use_script_pty(mysqld_t)
|
||||||
|
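Review bot: The rule `allow mysqld_t self:process { setsched getsched signal_perms };` grants the whole signal permission set, and the commit message cites no denial that requires all of it. The target is self, so the exposure is limited, but it would be tighter to grant only the permission the AVC log showed, or to record that denial in a comment above the rule. The same gap applies to the other additions in this file: `allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;`, `files_read_etc_files(mysqld_t)` and `files_search_var_lib(mysqld_t)`. Each is plausible for mysqld, but "to make it work" does not say which access was denied. A one-line comment per rule in the form `# needed for <operation>; AVC: <denied permission>` would let a later audit confirm the grants are still minimal.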