Add SELinux policy for UI assets

This also removes the Index option of /ipa-assets as well as the deprecated IPADebug option. No need to build or install ipa_webgui anymore. Leaving in the code for reference purposes for now.
author: Rob Crittenden <rcritten@redhat.com> 2009-11-03 15:26:00 -0500
committer: Jason Gerard DeRose <jderose@redhat.com> 2009-11-04 04:07:38 -0700
commit: da58b0cc75ffd59e34729d3caedaa715d8dd2584 (patch)
tree: c8c806cc8e143bbbce7943ad3e481fb0985327df /selinux/ipa_httpd
parent: 5782b882a725a0a626630cd361c6c4d3455449be (diff)
download: freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.gz
freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.xz
freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc
new file mode 100644
index 000000000..b2c6c1a2d
--- /dev/null
+++ b/selinux/ipa_httpd/ipa_httpd.fc
@@ -0,0 +1,5 @@
+#
+# /var
+#
+/var/cache/ipa/sessions(/.*)?  gen_context(system_u:object_r:httpd_sys_content_t,s0)
+/var/cache/ipa/assets(/.*)?  gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index 29112ba2f..e5cec8510 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -1,4 +1,4 @@
-module ipa_httpd 1.0;
+module ipa_httpd 1.1;
 
 require {
         type httpd_t;
author	Rob Crittenden <rcritten@redhat.com>	2009-11-03 15:26:00 -0500
committer	Jason Gerard DeRose <jderose@redhat.com>	2009-11-04 04:07:38 -0700
commit	da58b0cc75ffd59e34729d3caedaa715d8dd2584 (patch)
tree	c8c806cc8e143bbbce7943ad3e481fb0985327df /selinux/ipa_httpd
parent	5782b882a725a0a626630cd361c6c4d3455449be (diff)
download	freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.gz freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.xz freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.zip