Diffstat (limited to 'selinux/ipa_httpd/ipa_httpd.te')
-rw-r--r--selinux/ipa_httpd/ipa_httpd.te16
1 files changed, 16 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
new file mode 100644
index 000000000..a13ebc128
--- /dev/null
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -0,0 +1,16 @@
+module ipa_httpd 1.0;
+
+require {
+ type pki_ca_var_lib_t;
+ type httpd_t;
+ class lnk_file { read getattr };
+ class dir { read search open getattr };
+ class file { getattr read open execute };
+}
+
+# Let Apache read the directories within the certificate authority
+# so it can read the published CRLs.
+allow httpd_t pki_ca_var_lib_t:dir { read search open getattr };
+allow httpd_t pki_ca_var_lib_t:file { read getattr open };
+allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr };
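Review bot: The three allow rules give httpd_t read access to every directory, file and symlink labelled pki_ca_var_lib_t, which is wider than the comment's stated purpose of reading the published CRLs. If anything else in the CA's state directory carries that type (configuration, logs, key or certificate databases; not visible from this hunk), only DAC permissions would stand between a compromised Apache process and that data. Consider labelling the CRL publish directory with its own type through a file-context entry and allowing httpd_t on that type only, keeping just `search` and `getattr` on `pki_ca_var_lib_t:dir` for path traversal. Separately, the require block lists `execute` for class file although no rule uses it; `class file { getattr read open };` would match the rules and avoid implying that Apache may execute CA files.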
+