# SELinux policy module "globus", version 1.0.
#
# Adds allow rules to two domains that already exist in the base policy:
# httpd_t and init_t. The section banners match the layout audit2allow emits,
# so these rules were presumably generated from logged denials -- confirm that
# each one is still required before loading the module.
module globus 1.0;

require {
	# Source domains the rules below extend.
	type httpd_t;
	type init_t;

	# Port types used as name_connect targets.
	type http_port_t;
	type mysqld_port_t;
	type smtp_port_t;
	type unreserved_port_t;

	# File and directory types used as targets.
	type httpd_config_t;
	type public_content_rw_t;
	type tmp_t;
	type user_home_t;
	type var_t;

	class tcp_socket name_connect;
	class dir { add_name create rename reparent rmdir };
	class file { append create execute execute_no_trans lock open read setattr unlink write };
}

#============= httpd_t =============

# Outbound TCP connections from the web server domain to HTTP ports, SMTP
# ports and ports labelled unreserved_port_t.
# NOTE(review): unreserved_port_t is the catch-all label for ports without a
# more specific type, so this grant is wide. If only one backend port is
# needed, give that port its own label (semanage port) and allow just that.
allow httpd_t { http_port_t smtp_port_t unreserved_port_t }:tcp_socket name_connect;

# Lets the web server domain add entries to, and create/append files in, its
# own configuration tree.
# NOTE(review): a process in httpd_t that can write configuration can change
# how the server behaves after a reload. Prefer moving the writable path out
# of httpd_config_t to a dedicated read-write content label.
# NOTE(review): no dir write permission is granted in this module; verify
# whether add_name is effective on its own or is an incomplete leftover.
allow httpd_t httpd_config_t:dir add_name;
allow httpd_t httpd_config_t:file { append create };

#============= init_t ==============

# NOTE(review): rules on init_t suggest the service runs in the init domain
# without transitioning to a domain of its own -- confirm. Every permission
# here is then held by anything else that runs as init_t.

# Outbound TCP connections from init_t to MySQL ports.
allow init_t mysqld_port_t:tcp_socket name_connect;

# Removal of files labelled tmp_t.
allow init_t tmp_t:file unlink;

# Directory creation, rename, reparent and removal under user home content.
allow init_t user_home_t:dir { create rename reparent rmdir };

# Full read/write/create/delete plus execute on files of three types. The
# set already contains execute, so no separate execute rule is needed for
# public_content_rw_t.
# NOTE(review): execute_no_trans runs the file in the caller's domain, i.e.
# as init_t. user_home_t and public_content_rw_t are typically writable by
# less privileged domains, and the same rule grants write on the files it
# allows to be executed. Prefer labelling the service's executables with a
# dedicated exec type, adding a domain transition, and dropping execute and
# execute_no_trans from this rule.
allow init_t { public_content_rw_t user_home_t var_t }:file { append create execute execute_no_trans lock open read setattr unlink write };