authorMiroslav Grepl <mgrepl@redhat.com>2010-09-07 14:46:08 +0200
committerMiroslav Grepl <mgrepl@redhat.com>2010-09-07 14:46:08 +0200
commit3b0077d21cfb6f284d4baa2d8fb511613229b655 (patch)
tree4a30d42194476c3472dfd902cffe20c17b6251e5 /passenger.if
parent8232f3574bdd332a5aeb046ed03642b3817591c7 (diff)
- Add passenger.sh install script
- Rename mod_passanger.* files to appropriate name - Fixes for passenger policy - Add /var/run/passenger directory
Diffstat (limited to 'passenger.if')
-rw-r--r--passenger.if68
1 files changed, 68 insertions, 0 deletions
diff --git a/passenger.if b/passenger.if
new file mode 100644
index 0000000..e738452
--- /dev/null
+++ b/passenger.if
@@ -0,0 +1,68 @@
+## <summary>Passenger policy</summary>
+
+######################################
+## <summary>
+## Execute passenger in the passenger domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`passenger_domtrans',`
+ gen_require(`
+ type passenger_t;
+ ')
+
+ allow $1 self:capability { fowner fsetid };
+
+ allow $1 passenger_t:process signal;
+
+ domtrans_pattern($1, passenger_exec_t, passenger_t)
+ allow $1 passenger_t:unix_stream_socket { read write shutdown };
+ allow passenger_t $1:unix_stream_socket { read write };
+')
+
+######################################
+## <summary>
+## Manage passenger state content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`passenger_manage_state_content',`
+ gen_require(`
+ type passenger_state_t;
+ ')
+
+ files_search_pids($1)
+ manage_dirs_pattern($1, passenger_state_t, passenger_state_t)
+ manage_files_pattern($1, passenger_state_t, passenger_state_t)
+ manage_fifo_files_pattern($1, passenger_state_t, passenger_state_t)
+ manage_sock_files_pattern($1, passenger_state_t, passenger_state_t)
+')
+
+########################################
+## <summary>
+## Read passenger lib files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`passenger_read_lib_files',`
+ gen_require(`
+ type passenger_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+ read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+')
+
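Review bot: `passenger_domtrans` passes `passenger_exec_t` to `domtrans_pattern` but its `gen_require` block declares only `passenger_t`, so a calling module that does not declare the exec type itself will presumably fail to build; the require should read `type passenger_t, passenger_exec_t;`. The same interface also carries `allow $1 self:capability { fowner fsetid };`, which widens every caller's own privileges as a side effect of a transition interface. Those capabilities are better granted in the individual caller's .te file, where each domain's need for them can be reviewed. In `passenger_read_lib_files` the parameter summary says "Domain to not audit." although the interface grants read access rather than a dontaudit rule, so it should read `Domain allowed access.`.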