1031ee6f6a
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t. Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t. As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral. Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all. Signed-off-by: Dominick Grift <domg472@gmail.com> Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
8 lines
412 B
Plaintext
8 lines
412 B
Plaintext
/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
|
|
/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
|
|
|
|
/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t, s0)
|
|
|
|
/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
|
|
/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
|