- Fixes for passenger policy

author: Miroslav Grepl <mgrepl@redhat.com> 2010-09-07 16:23:14 +0200
committer: Miroslav Grepl <mgrepl@redhat.com> 2010-09-07 16:23:14 +0200
commit: 45688b2d50f3b0af2908565c971789e3863cfbd1 (patch)
tree: 2f1832f76e31389e2ea34fa67b12d140495bdde0
parent: 4ce5781928a960764b2d561cd09d3d54466a0d6c (diff)
download: test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.tar.gz
test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.tar.xz
test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/passenger.te b/passenger.te
index 949dc89..674e348 100644
--- a/passenger.te
+++ b/passenger.te
@@ -40,7 +40,7 @@ optional_policy(`
 # Apache mod_passanger local policy
 #
 
-allow passenger_t self:capability { setuid setgid dac_override };
+allow passenger_t self:capability { dac_override fsetid fowner chown setuid setgid };
 allow passenger_t self:process signal;
 
 allow passenger_t self:fifo_file rw_fifo_file_perms;
@@ -59,6 +59,7 @@ kernel_read_system_state(passenger_t)
 kernel_read_kernel_sysctls(passenger_t)
 
 corecmd_exec_bin(passenger_t)
+corecmd_exec_shellpassenger_t)
 
 dev_read_urand(passenger_t)
author	Miroslav Grepl <mgrepl@redhat.com>	2010-09-07 16:23:14 +0200
committer	Miroslav Grepl <mgrepl@redhat.com>	2010-09-07 16:23:14 +0200
commit	45688b2d50f3b0af2908565c971789e3863cfbd1 (patch)
tree	2f1832f76e31389e2ea34fa67b12d140495bdde0
parent	4ce5781928a960764b2d561cd09d3d54466a0d6c (diff)
download	test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.tar.gz test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.tar.xz test_policy_modules-45688b2d50f3b0af2908565c971789e3863cfbd1.zip