Added a file context for httpd.pid so that it is correctly labeled

Added some rules to mysql to make it work
Don Miner 2005-10-24 00:23:12 +00:00
parent 60de986a0c
commit f8964c04ba
2 changed files with 5 additions and 1 deletions


@ -53,6 +53,7 @@ ifdef(`distro_debian', `
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) /var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0) /var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
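Review bot: The new `/var/run/httpd.*` entry matches far more than the httpd.pid file named in the commit description. The dot is unescaped and there is no file-type specifier, so the pattern labels any path beginning with /var/run/httpd, directories and their contents included, as httpd_var_run_t. If only the pid file is meant, `/var/run/httpd\.pid -- gen_context(system_u:object_r:httpd_var_run_t,s0)` keeps the label to that one regular file. If the wide match is deliberate, as the neighbouring `/var/run/apache.*` suggests, a short comment saying so would help the next reviewer. The hunk header points at an ifdef for distro_debian, and it is not visible here whether the new line sits inside it.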


@ -32,7 +32,7 @@ files_tmp_file(mysqld_tmp_t)
allow mysqld_t self:capability { dac_override setgid setuid }; allow mysqld_t self:capability { dac_override setgid setuid };
dontaudit mysqld_t self:capability sys_tty_config; dontaudit mysqld_t self:capability sys_tty_config;
allow mysqld_t self:process { setsched getsched }; allow mysqld_t self:process { setsched getsched signal_perms };
allow mysqld_t self:fifo_file { read write }; allow mysqld_t self:fifo_file { read write };
allow mysqld_t self:netlink_route_socket r_netlink_socket_perms; allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
allow mysqld_t self:unix_stream_socket create_stream_socket_perms; allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
@ -52,6 +52,7 @@ allow mysqld_t mysqld_tmp_t:dir create_dir_perms;
allow mysqld_t mysqld_tmp_t:file create_file_perms; allow mysqld_t mysqld_tmp_t:file create_file_perms;
files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir }) files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir })
allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms; allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
allow mysqld_t mysqld_var_run_t:file create_file_perms; allow mysqld_t mysqld_var_run_t:file create_file_perms;
files_create_pid(mysqld_t,mysqld_var_run_t) files_create_pid(mysqld_t,mysqld_var_run_t)
@ -85,7 +86,9 @@ domain_use_wide_inherit_fd(mysqld_t)
files_getattr_var_lib_dir(mysqld_t) files_getattr_var_lib_dir(mysqld_t)
files_read_etc_runtime_files(mysqld_t) files_read_etc_runtime_files(mysqld_t)
files_read_etc_files(mysqld_t)
files_read_usr_files(mysqld_t) files_read_usr_files(mysqld_t)
files_search_var_lib(mysqld_t)
init_use_fd(mysqld_t) init_use_fd(mysqld_t)
init_use_script_pty(mysqld_t) init_use_script_pty(mysqld_t)
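Review bot: In the first mysql hunk, `signal_perms` is added to `allow mysqld_t self:process`, granting the whole signal permission set where the description only says the rules "make it work". Because the target is `self`, the exposure stays within mysqld_t's own processes. It would still be tighter to grant only what the denial showed, for example `allow mysqld_t self:process { setsched getsched signal };` if that was the only AVC logged. The same applies to the new `mysqld_var_run_t:dir rw_dir_perms`, `files_read_etc_files` and `files_search_var_lib` lines in the later hunks. A one-line comment above each, such as `# mysqld_safe signals the server process it starts (AVC: <denial from audit log>)`, would record why the access exists and let it be audited later.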