From 94e96a604ae1785441fc48a1fdca05b5cdd240fa Mon Sep 17 00:00:00 2001 
From: Logvinov Alecksey
Date: Sun, 28 Jun 2020 21:33:00 +0300
Subject: [PATCH] Squashed commit of the following:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit 3d22bd9d3ecda17d9d18a8e83a11a19c928dc948
Merge: bdbf5bd 85c713c
Author: Logvinov Alecksey
Date: Sun Jun 28 21:30:29 2020 +0300
Merge branch 'master' of https://gitea.alecksey.com/alecksey/globus-selinux-policy
commit bdbf5bd8504676f7b066190978457c29b7a6bf62
Author: Logvinov Alecksey
Date: Sun Jun 28 21:29:50 2020 +0300
'fix'
commit 85c713c9f40bd5885efb48f3c0f89798bfdff5f6
Author: Logvinov Alecksey
Date: Sun Jun 28 21:20:15 2020 +0300
Изменить 'README.md'
commit 8d82709b23dfbb34713b48ebd7e0d73b78c2c860
Author: Logvinov Alecksey
Date: Sun Jun 28 20:37:02 2020 +0300
Изменить 'globus.te'
commit 7c3e06881f84694dd2dd44de12cab8c47ba686c5
Author: Logvinov Alecksey
Date: Sun Jun 28 20:31:33 2020 +0300
Изменить 'globus.te'
commit d5ff7ea3a4bb1100b5d8edcfefec5b68173bb39f
Author: Logvinov Alecksey
Date: Sun Jun 28 20:27:30 2020 +0300
Изменить 'globus.te'
commit 972aeff9d03a6455d17d54649940bbb1baef7076
Author: Logvinov Alecksey
Date: Sun Jun 28 20:17:19 2020 +0300
Изменить 'globus.te'
commit 72edae112ad59a613a9f3bc9a3a5ad84dfff118b
Author: Logvinov Alecksey
Date: Sun Jun 28 20:16:50 2020 +0300
Изменить 'globus.te'
commit 929101387f3768b303ccc83e7358e5b4838bbeb4
Author: Logvinov Alecksey
Date: Sun Jun 28 20:07:39 2020 +0300
Изменить 'globus.te'
commit 8c743e94dc4ef33382e82290e9e54c9e2650c3f8
Author: Logvinov Alecksey
Date: Sun Jun 28 20:05:35 2020 +0300
Изменить 'globus.te'
commit 120827c4b82d1fcb29e69c52acd55130bd38720b
Author: Logvinov Alecksey
Date: Sun Jun 28 19:38:58 2020 +0300
Изменить 'README.md'
commit 17ee554bbdbe5ae530b81076ba071954c0a8efba
Author: Logvinov Alecksey
Date: Sun Jun 28 19:32:59 2020 +0300
Загрузить файлы ''
commit 1ef7a213c05782d28a0773e816cad60021c958c0
Author: Logvinov Alecksey
Date: Sun Jun 28 18:24:53 2020 +0300
Добавить 'globus.te'
commit 0c2d5558a9053a4d0d86d7228e8d0febdc52268a
Author: Logvinov Alecksey
Date: Sun Jun 28 18:23:05 2020 +0300
Изменить 'README.md'
commit e44a60ba1a44c856575e562194961c0cb58e430f
Author: Logvinov Alecksey
Date: Sun Jun 28 18:22:55 2020 +0300
Изменить 'README.md'
---
 README.md | 9 +++++++--
 globus.te | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 globus.te

diff --git a/README.md b/README.md
index 1d588c5..74083b2 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,12 @@
 # globus-selinux-policy
-curl -o globus.te https://gitea.alecksey.com/alecksey/globux-selinux-policy/master/globus.te
+## install globus-server selinux policy
+
+```
+curl -o globus.te https://gitea.alecksey.com/alecksey/globus-selinux-policy/raw/branch/master/globus.te
 checkmodule -M -m -o globus.mod globus.te
 sudo semodule_package -o globus.pp -m globus.mod
 sudo semodule -i globus.pp
-rm -f globus.*
\ No newline at end of file
+rm -f globus.*
+setsebool -P domain_can_mmap_files 1
+```
\ No newline at end of file
diff --git a/globus.te b/globus.te
new file mode 100644
index 0000000..1c3a2c5
--- /dev/null
+++ b/globus.te
@@ -0,0 +1,36 @@
+
+module globus 1.0;
+
+require {
+ type mysqld_port_t;
+ type user_home_t;
+ type tmp_t;
+ type init_t;
+ type httpd_t;
+ type httpd_config_t;
+ type smtp_port_t;
+ type http_port_t;
+ type public_content_rw_t;
+ type unreserved_port_t;
+ class tcp_socket name_connect;
+ class dir { add_name create rename reparent rmdir };
+ class file { append create execute execute_no_trans lock open read setattr unlink write };
+}
+
+#============= httpd_t =============
+allow httpd_t http_port_t:tcp_socket name_connect;
+allow httpd_t httpd_config_t:dir add_name;
+allow httpd_t httpd_config_t:file {append create};
+
+allow httpd_t smtp_port_t:tcp_socket name_connect;
+
+allow httpd_t unreserved_port_t:tcp_socket name_connect;
+
+#============= init_t ==============
+
+allow init_t mysqld_port_t:tcp_socket name_connect;
+allow init_t tmp_t:file unlink;
+allow init_t user_home_t:dir { create rename reparent rmdir };
+allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write };
+allow init_t public_content_rw_t:file execute;
+allow init_t public_content_rw_t:file { append create execute execute_no_trans lock open read setattr unlink write };
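Review bot: The init_t rules at the end of the hunk grant `execute` and `execute_no_trans` together with create/write/unlink on `user_home_t` and `public_content_rw_t` files, so the init domain may run, with no domain transition, whatever has been written into a user home directory or into writable public content — that removes the confinement of init_t rather than describing what the globus service needs. The consumer appears to be a service started by init (inferred from the mysqld and port rules), and the conventional fix is a dedicated domain for it, entered by a type transition from init_t and paired with its own file type, so that init_t itself is left unchanged. If widening init_t is kept for now, at least drop the execute permissions, `allow init_t user_home_t:file { append create lock open read setattr unlink write };` and `allow init_t public_content_rw_t:file { append create lock open read setattr unlink write };`, and delete the preceding `allow init_t public_content_rw_t:file execute;`, which the line after it already subsumes. In the httpd_t section, `allow httpd_t httpd_config_t:file {append create}` lets the web server create and append to its own configuration files; a comment naming which file under httpd_config_t needs this would let a reviewer judge whether the rule can be narrowed to a more specific type.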