## Passenger policy ###################################### ## ## Execute passenger in the passenger domain. ## ## ## ## The type of the process performing this action. ## ## # interface(`passenger_domtrans',` gen_require(` type passenger_t, passenger_exec_t; ') allow $1 self:capability { fowner fsetid }; allow $1 passenger_t:process signal; domtrans_pattern($1, passenger_exec_t, passenger_t) allow $1 passenger_t:unix_stream_socket { read write shutdown }; allow passenger_t $1:unix_stream_socket { read write }; ') ###################################### ## ## Manage passenger var_run content. ## ## ## ## Domain allowed access. ## ## # interface(`passenger_manage_pid_content',` gen_require(` type passenger_var_run_t; ') files_search_pids($1) manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t) manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t) manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t) manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t) ') ######################################## ## ## Read passenger lib files ## ## ## ## Domain to not audit. ## ## # interface(`passenger_read_lib_files',` gen_require(` type passenger_var_lib_t; ') files_search_var_lib($1) read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) ')