Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Some selinux policy for staging.

Browse source
This commit is contained in:
Kevin Fenzi 2018-10-10 20:01:45 +00:00
parent 78775f1b36
commit 7887029ffb
4 changed files with 52 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
roles/distgit/files/pagure.pp Normal file
View file

Binary file not shown.

30
roles/distgit/files/pagure.te Normal file
View file

@ -0,0 +1,30 @@
module pagure 1.0.5;
require {
type httpd_t;
type sysctl_net_t;
type gitosis_var_lib_t;
type httpd_git_script_t;
type git_script_tmp_t;
type git_user_content_t;
class dir { search getattr open read add_name remove_name write create rename};
class file { append open ioctl lock rename append getattr read create link setattr unlink write };
class lnk_file { read open getattr create unlink};
}
allow httpd_git_script_t git_script_tmp_t:file manage_file_perms;
allow httpd_t git_user_content_t:dir { search getattr open read };
allow httpd_t git_user_content_t:file { read open getattr };
allow httpd_t git_user_content_t:lnk_file { read open getattr };
optional_policy(`
gen_require(` class file map; ')
allow httpd_t git_user_content_t:file map;
')
allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write create rename};
allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write rename append};
allow httpd_t gitosis_var_lib_t:lnk_file { create unlink };
allow httpd_t sysctl_net_t:file { open read };