29 lines
844 B
Text
29 lines
844 B
Text
policy_module(upload_cgi,1.2.0)
|
|
|
|
|
|
require {
|
|
type httpd_git_script_t;
|
|
type git_script_tmp_t;
|
|
type git_script_t;
|
|
type nfs_t;
|
|
}
|
|
|
|
files_tmp_file(git_script_tmp_t)
|
|
allow httpd_git_script_t git_script_tmp_t:file manage_file_perms;
|
|
|
|
|
|
# Do not audit attempts to read the process state (/proc/pid) of all domains.
|
|
domain_read_all_domains_state(httpd_git_script_t);
|
|
|
|
# List the contents of the sysfs directories.
|
|
dev_list_sysfs(httpd_git_script_t);
|
|
|
|
# Allow sending logs to syslog
|
|
logging_send_syslog_msg(httpd_git_script_t);
|
|
|
|
# Get the attributes of all pty device nodes.
|
|
term_getattr_all_ptys(httpd_git_script_t);
|
|
# Get the attributes of all tty device nodes.
|
|
term_getattr_all_ttys(httpd_git_script_t);
|
|
# Do not audit attempts to get the attributes of generic pty devices.
|
|
term_dontaudit_getattr_generic_ptys(httpd_git_script_t);
|