diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-11-03 15:26:00 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-11-04 04:07:38 -0700 |
commit | da58b0cc75ffd59e34729d3caedaa715d8dd2584 (patch) | |
tree | c8c806cc8e143bbbce7943ad3e481fb0985327df /selinux/ipa_httpd | |
parent | 5782b882a725a0a626630cd361c6c4d3455449be (diff) | |
download | freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.gz freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.tar.xz freeipa-da58b0cc75ffd59e34729d3caedaa715d8dd2584.zip |
Add SELinux policy for UI assets
This also removes the Index option of /ipa-assets as well as the
deprecated IPADebug option.
No need to build or install ipa_webgui anymore. Leaving in the code
for reference purposes for now.
Diffstat (limited to 'selinux/ipa_httpd')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.fc | 5 | ||||
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc new file mode 100644 index 000000000..b2c6c1a2d --- /dev/null +++ b/selinux/ipa_httpd/ipa_httpd.fc @@ -0,0 +1,5 @@ +# +# /var +# +/var/cache/ipa/sessions(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te index 29112ba2f..e5cec8510 100644 --- a/selinux/ipa_httpd/ipa_httpd.te +++ b/selinux/ipa_httpd/ipa_httpd.te @@ -1,4 +1,4 @@ -module ipa_httpd 1.0; +module ipa_httpd 1.1; require { type httpd_t; |