56 lines
1.2 KiB
Plaintext
56 lines
1.2 KiB
Plaintext
policy_module(webadm, 1.1.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow webadm to manage files in users home directories
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(webadm_manage_user_files, false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow webadm to read files in users home directories
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(webadm_read_user_files, false)
|
|
|
|
role webadm_r;
|
|
|
|
userdom_base_user_template(webadm)
|
|
|
|
########################################
|
|
#
|
|
# webadmin local policy
|
|
#
|
|
|
|
allow webadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
|
|
|
|
files_dontaudit_search_all_dirs(webadm_t)
|
|
files_manage_generic_locks(webadm_t)
|
|
files_list_var(webadm_t)
|
|
|
|
selinux_get_enforce_mode(webadm_t)
|
|
seutil_domtrans_setfiles(webadm_t)
|
|
|
|
logging_send_syslog_msg(webadm_t)
|
|
|
|
userdom_dontaudit_search_user_home_dirs(webadm_t)
|
|
|
|
apache_admin(webadm_t, webadm_r)
|
|
|
|
tunable_policy(`webadm_manage_user_files',`
|
|
userdom_manage_user_home_content_files(webadm_t)
|
|
userdom_read_user_tmp_files(webadm_t)
|
|
userdom_write_user_tmp_files(webadm_t)
|
|
')
|
|
|
|
tunable_policy(`webadm_read_user_files',`
|
|
userdom_read_user_home_content_files(webadm_t)
|
|
userdom_read_user_tmp_files(webadm_t)
|
|
')
|