Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

distgit: install another custom selinux policy

Browse source 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon 2020-11-10 15:35:33 +01:00
parent a6a5686038
commit 1ef758c408
2 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/distgit/files/http_policy.te Normal file
View file

@ -0,0 +1,14 @@
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t git_content_t:dir search;
allow httpd_sys_script_t gitosis_var_lib_t:dir { getattr search };
allow httpd_sys_script_t self:capability { audit_write dac_read_search setgid setuid sys_resource };
allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t shadow_t:file { getattr open read };
#============= httpd_t ==============
allow httpd_t git_content_t:dir { add_name remove_name write };
allow httpd_t git_content_t:file { create rename setattr unlink write };
allow httpd_t gitosis_var_lib_t:dir { add_name create remove_name rmdir write };
allow httpd_t gitosis_var_lib_t:file { create link rename unlink write };