alecksey/globus-selinux-policy
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

'fix'

Browse Source
This commit is contained in:
Alexey Logvinov 2020-06-28 21:29:50 +03:00
parent d5ff7ea3a4
commit bdbf5bd850
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -8,4 +8,5 @@ checkmodule -M -m -o globus.mod globus.te
sudo semodule_package -o globus.pp -m globus.mod sudo semodule_package -o globus.pp -m globus.mod
sudo semodule -i globus.pp sudo semodule -i globus.pp
rm -f globus.* rm -f globus.*
setsebool -P domain_can_mmap_files 1
``` ```

6
globus.te
View File

@ -13,13 +13,13 @@ require {
type public_content_rw_t; type public_content_rw_t;
type unreserved_port_t; type unreserved_port_t;
class tcp_socket name_connect; class tcp_socket name_connect;
class dir { create rename reparent rmdir }; class dir { add_name create rename reparent rmdir };
class file { append create execute execute_no_trans lock open read setattr unlink write }; class file { append create execute execute_no_trans lock open read setattr unlink write };
} }
#============= httpd_t ============= #============= httpd_t =============
allow httpd_t http_port_t:tcp_socket name_connect; allow httpd_t http_port_t:tcp_socket name_connect;
#allow httpd_t httpd_config_t:dir add_name; allow httpd_t httpd_config_t:dir add_name;
allow httpd_t httpd_config_t:file {append create}; allow httpd_t httpd_config_t:file {append create};
allow httpd_t smtp_port_t:tcp_socket name_connect; allow httpd_t smtp_port_t:tcp_socket name_connect;
@ -33,4 +33,4 @@ allow init_t tmp_t:file unlink;
allow init_t user_home_t:dir { create rename reparent rmdir }; allow init_t user_home_t:dir { create rename reparent rmdir };
allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write }; allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write };
allow init_t public_content_rw_t:file execute; allow init_t public_content_rw_t:file execute;
allow init_t public_content_rw_t:file { append create execute open read setattr unlink write }; allow init_t public_content_rw_t:file { append create execute execute_no_trans lock open read setattr unlink write };