alecksey/globus-selinux-policy
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Изменить 'globus.te'

Browse Source
This commit is contained in:
Alexey Logvinov 2020-06-28 20:05:35 +03:00
parent 120827c4b8
commit 8c743e94dc
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
globus.te
View File

@ -11,9 +11,19 @@ require {
class file { append create execute execute_no_trans lock open read setattr unlink write }; class file { append create execute execute_no_trans lock open read setattr unlink write };
} }
#============= httpd_t =============
allow httpd_t http_port_t:tcp_socket name_connect;
allow httpd_t httpd_config_t:dir add_name;
allow httpd_t httpd_config_t:file {append create};
allow httpd_t smtp_port_t:tcp_socket name_connect;
allow httpd_t unreserved_port_t:tcp_socket name_connect;
#============= init_t ============== #============= init_t ==============
allow init_t mysqld_port_t:tcp_socket name_connect; allow init_t mysqld_port_t:tcp_socket name_connect;
allow init_t tmp_t:file unlink; allow init_t tmp_t:file unlink;
allow init_t user_home_t:dir { create rename reparent rmdir }; allow init_t user_home_t:dir { create rename reparent rmdir };
allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write }; allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write };
allow init_t public_content_rw_t:file execute;