# Roundup Issue Tracking System # # Authors: W. Michael Petullo <redhat@flyn.org # daemon_domain(roundup) var_lib_domain(roundup) can_network(roundup_t) allow roundup_t http_cache_port_t:tcp_socket name_bind; allow roundup_t smtp_port_t:tcp_socket name_connect; # execute python allow roundup_t bin_t:dir r_dir_perms; can_exec(roundup_t, bin_t) allow roundup_t bin_t:lnk_file read; allow roundup_t self:capability { setgid setuid }; allow roundup_t self:unix_stream_socket create_stream_socket_perms; ifdef(`mysqld.te', ` allow roundup_t mysqld_db_t:dir search; allow roundup_t mysqld_var_run_t:sock_file write; allow roundup_t mysqld_t:unix_stream_socket connectto; ') # /usr/share/mysql/charsets/Index.xml allow roundup_t usr_t:file { getattr read }; allow roundup_t urandom_device_t:chr_file { getattr read }; allow roundup_t etc_t:file { getattr read };