author | Miroslav Grepl <mgrepl@redhat.com> | 2010-09-07 14:46:08 +0200 |
---|---|---|
committer | Miroslav Grepl <mgrepl@redhat.com> | 2010-09-07 14:46:08 +0200 |
commit | 3b0077d21cfb6f284d4baa2d8fb511613229b655 (patch) | |
tree | 4a30d42194476c3472dfd902cffe20c17b6251e5 /passenger.te | |
parent | 8232f3574bdd332a5aeb046ed03642b3817591c7 (diff) | |
- Add passenger.sh install script
- Rename mod_passanger.* files to appropriate name
- Fixes for passenger policy
- Add /var/run/passenger directory
Diffstat (limited to 'passenger.te')
-rw-r--r-- | passenger.te | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/passenger.te b/passenger.te
new file mode 100644
index 0000000..be9d06d
--- /dev/null
+++ b/passenger.te
@@ -0,0 +1,76 @@
+
+policy_module(mod_passanger,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type passenger_t;
+type passenger_exec_t;
+domain_type(passenger_t)
+domain_entry_file(passenger_t, passenger_exec_t)
+role system_r types passenger_t;
+
+type passenger_tmp_t;
+files_tmp_file(passenger_tmp_t)
+
+type passenger_var_lib_t;
+files_type(passenger_var_lib_t)
+
+type passenger_state_t;
+files_pid_file(passenger_state_t)
+
+type passenger_rw_content_t;
+files_type(passenger_rw_content_t)
+
+#permissive httpd_passenger_t;
+
+#### apache section ####
+
+require{
+ type httpd_t;
+}
+
+optional_policy(`
+ passenger_domtrans(httpd_t)
+ passenger_manage_state_content(httpd_t)
+ passenger_read_lib_files(httpd_t)
+')
+
+########################################
+#
+# Apache mod_passanger local policy
+#
+
+allow passenger_t self:capability dac_override;
+allow passenger_t self:process signal;
+
+allow passenger_t self:fifo_file rw_fifo_file_perms;
+allow passenger_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+manage_dirs_pattern(passenger_t, passenger_state_t, passenger_state_t)
+manage_files_pattern(passenger_t, passenger_state_t, passenger_state_t)
+manage_fifo_files_pattern(passenger_t, passenger_state_t, passenger_state_t)
+manage_sock_files_pattern(passenger_t, passenger_state_t, passenger_state_t)
+
+rw_dirs_pattern(passenger_t, passenger_rw_content_t, passenger_rw_content_t)
+rw_files_pattern(passenger_t, passenger_rw_content_t, passenger_rw_content_t)
+
+manage_dirs_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)
+manage_files_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)
+
+kernel_read_kernel_sysctls(passenger_t)
+
+corecmd_exec_bin(passenger_t)
+
+dev_read_urand(passenger_t)
+
+files_read_etc_files(passenger_t)
+
+miscfiles_read_localization(passenger_t)
+
+optional_policy(`
+ apache_append_log(passenger_t)
+ apache_read_sys_content(passenger_t)
+') |
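Review bot: `allow passenger_t self:capability dac_override;` in the local-policy section lets the confined domain ignore file ownership and mode bits on every object its type-enforcement rules reach, and nothing in the file records which access required it. If it was added to silence a denial on the state or lib directories, correcting the ownership of those directories, or narrowing to `dac_read_search` when only read/traversal was denied, would keep DAC as a second layer; at minimum document it with a comment such as `# dac_override: needed for <path and reason>`. Separately, the bare `require{ type httpd_t; }` sits outside `optional_policy`, so the module appears to depend on the apache policy unconditionally even though the `httpd_t` calls are wrapped as optional; placing it inside that block as `gen_require(`type httpd_t;')` would match the intent. The module is still declared as `policy_module(mod_passanger,1.0)` although the file is now `passenger.te`, and `passenger_tmp_t` is declared without any rule that uses it.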