30 lines
1.1 KiB
Text
30 lines
1.1 KiB
Text
module pagure 1.0.5;
|
|
|
|
require {
|
|
type httpd_t;
|
|
type sysctl_net_t;
|
|
type gitosis_var_lib_t;
|
|
type httpd_git_script_t;
|
|
type git_script_tmp_t;
|
|
type git_user_content_t;
|
|
class dir { search getattr open read add_name remove_name write create rename};
|
|
class file { append open ioctl lock rename append getattr read create link setattr unlink write };
|
|
class lnk_file { read open getattr create unlink};
|
|
}
|
|
|
|
allow httpd_git_script_t git_script_tmp_t:file manage_file_perms;
|
|
|
|
allow httpd_t git_user_content_t:dir { search getattr open read };
|
|
allow httpd_t git_user_content_t:file { read open getattr };
|
|
allow httpd_t git_user_content_t:lnk_file { read open getattr };
|
|
|
|
optional_policy(`
|
|
gen_require(` class file map; ')
|
|
allow httpd_t git_user_content_t:file map;
|
|
')
|
|
|
|
allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write create rename};
|
|
allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write rename append};
|
|
allow httpd_t gitosis_var_lib_t:lnk_file { create unlink };
|
|
|
|
allow httpd_t sysctl_net_t:file { open read };
|