1976ddda24
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
69 lines
1.6 KiB
Plaintext
69 lines
1.6 KiB
Plaintext
## <summary>Passenger policy</summary>
|
|
|
|
######################################
|
|
## <summary>
|
|
## Execute passenger in the passenger domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## The type of the process performing this action.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`passenger_domtrans',`
|
|
gen_require(`
|
|
type passenger_t;
|
|
type passenger_exec_t;
|
|
')
|
|
|
|
allow $1 self:capability { fowner fsetid };
|
|
|
|
allow $1 passenger_t:process signal;
|
|
|
|
domtrans_pattern($1, passenger_exec_t, passenger_t)
|
|
allow $1 passenger_t:unix_stream_socket { read write shutdown };
|
|
allow passenger_t $1:unix_stream_socket { read write };
|
|
')
|
|
|
|
######################################
|
|
## <summary>
|
|
## Manage passenger var_run content.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`passenger_manage_pid_content',`
|
|
gen_require(`
|
|
type passenger_var_run_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
|
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
|
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
|
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read passenger lib files
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`passenger_read_lib_files',`
|
|
gen_require(`
|
|
type passenger_var_lib_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
|
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
|
')
|