smeserver-koji/selinux/koji-sign.te


module koji-sign 1.0;

require {
	type etc_t;
	type devpts_t;
	type httpd_t;
	type ptmx_t;
	type rpm_var_lib_t;
	class chr_file { getattr ioctl open read write };
	class dir { add_name remove_name setattr write };
	class file { create link map unlink write };
	class sock_file { create getattr setattr unlink write };
}

#============= httpd_t ==============

allow httpd_t devpts_t:chr_file open;
allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
allow httpd_t etc_t:dir { add_name remove_name setattr write };
allow httpd_t etc_t:file { create link unlink write };
allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
allow httpd_t rpm_var_lib_t:file map;
selinux policy 2024-09-27 09:12:56 +02:00
			`module koji-sign 1.0;`

			`require {`
			`type etc_t;`
			`type devpts_t;`
			`type httpd_t;`
			`type ptmx_t;`
slight tweak to koji-sign sepolicy 2024-09-29 03:35:32 +02:00			`type rpm_var_lib_t;`
selinux policy 2024-09-27 09:12:56 +02:00			`class chr_file { getattr ioctl open read write };`
			`class dir { add_name remove_name setattr write };`
slight tweak to koji-sign sepolicy 2024-09-29 03:35:32 +02:00			`class file { create link map unlink write };`
selinux policy 2024-09-27 09:12:56 +02:00			`class sock_file { create getattr setattr unlink write };`
			`}`

			`#============= httpd_t ==============`

			`allow httpd_t devpts_t:chr_file open;`
			`allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };`
			`allow httpd_t etc_t:dir { add_name remove_name setattr write };`
			`allow httpd_t etc_t:file { create link unlink write };`
			`allow httpd_t etc_t:sock_file { create getattr setattr unlink write };`
slight tweak to koji-sign sepolicy 2024-09-29 03:35:32 +02:00			`allow httpd_t rpm_var_lib_t:file map;`