mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-12-25 18:10:11 +01:00
added selinux contrib stuff
parent
fe499d18c1
commit
0a4120a64a
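--- a/contrib/selinux/README
+++ b/contrib/selinux/README
@@ -0,0 +1,13 @@
+setsebool -P allow_httpd_mod_auth_ntlm_winbind on
+setsebool -P httpd_can_network_connect on
+setsebool -P httpd_ssi_exec on
+
+setsebool -P httpd_use_nfs 1 (in case of nfs)
+
+
+checkmodule -M -m -o piler.mod piler.te
+semodule_package -o piler.pp -m piler.mod
+semodule -i piler.pp
+
+chcon -R --type=httpd_sys_rw_content_t /var/piler/www/tmp
+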
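--- a/contrib/selinux/piler.te
+++ b/contrib/selinux/piler.te
@@ -0,0 +1,38 @@
+module piler 1.2;
+
+require {
+type devlog_t;
+type httpd_sys_script_t;
+type httpd_t;
+type initrc_t;
+type initrc_var_run_t;
+type kernel_t;
+type public_content_t;
+type var_t;
+
+class capability { kill setuid setgid sys_resource };
+class dir search;
+class file { read execute open getattr };
+class netlink_audit_socket create;
+class process { setrlimit signal };
+class sock_file write;
+class unix_dgram_socket sendto;
+
+}
+
+#============= httpd_sys_script_t ==============
+
+allow httpd_sys_script_t var_t:file { getattr open read };
+allow httpd_sys_script_t devlog_t:sock_file write;
+allow httpd_sys_script_t httpd_t:file { getattr read open };
+allow httpd_sys_script_t httpd_t:dir search;
+allow httpd_sys_script_t initrc_t:process signal;
+allow httpd_sys_script_t initrc_var_run_t:file { getattr open read };
+allow httpd_sys_script_t kernel_t:unix_dgram_socket sendto;
+allow httpd_sys_script_t self:capability { kill setuid setgid sys_resource };
+allow httpd_sys_script_t self:netlink_audit_socket create;
+allow httpd_sys_script_t self:process setrlimit;
+
+allow httpd_t var_t:file getattr;
+
+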
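Review bot: The `allow httpd_sys_script_t ...` rules are attached to the shared `httpd_sys_script_t` domain, so once the module is loaded they apply to every script confined in that domain on the host, not only to piler. That includes `self:capability { kill setuid setgid sys_resource }`, `initrc_t:process signal` and read access to anything labelled `var_t`. The rule set reads like unedited audit2allow output (an inference from its shape), so each rule should carry a one-line comment naming the piler operation that needs it, for example `# syslog() from the web UI` above the `devlog_t:sock_file write` rule, and any rule that cannot be justified that way should be dropped. The `var_t:file` grants usually point at unlabelled files; giving the piler files a dedicated or existing httpd content type, as the README already does for `/var/piler/www/tmp`, would avoid opening all generic `var_t` files to web scripts. `type public_content_t;` and the `execute` permission in `class file { read execute open getattr };` are required but used by no rule and can be removed.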