selinux-policy/policy/modules/services/passenger.if
Dominick Grift 8ab34f0132 XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-20 18:18:44 +02:00

68 lines
1.6 KiB
Plaintext

## <summary>Passenger policy</summary>
######################################
## <summary>
## Execute passenger in the passenger domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`passenger_domtrans',`
gen_require(`
type passenger_t, passenger_exec_t;
')
allow $1 self:capability { fowner fsetid };
allow $1 passenger_t:process signal;
domtrans_pattern($1, passenger_exec_t, passenger_t)
allow $1 passenger_t:unix_stream_socket { read write shutdown };
allow passenger_t $1:unix_stream_socket { read write };
')
######################################
## <summary>
## Manage passenger var_run content.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`passenger_manage_pid_content',`
gen_require(`
type passenger_var_run_t;
')
files_search_pids($1)
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
')
########################################
## <summary>
## Read passenger lib files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`passenger_read_lib_files',`
gen_require(`
type passenger_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
')