smedev/smeserver-koji
6
0
Fork 0
mirror of https://src.koozali.org/infra/smeserver-koji.git synced 2024-11-23 10:07:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

slight tweak to koji-sign sepolicy

Browse Source
This commit is contained in:
Trevor Batley 2024-09-29 11:35:32 +10:00
parent 53be9f3cbf
commit 7f3a98da18
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
selinux/koji-sign.te
View File

@ -6,17 +6,18 @@ require {
type devpts_t; type devpts_t;
type httpd_t; type httpd_t;
type ptmx_t; type ptmx_t;
type rpm_var_lib_t;
class chr_file { getattr ioctl open read write }; class chr_file { getattr ioctl open read write };
class dir { add_name remove_name setattr write }; class dir { add_name remove_name setattr write };
class file { create link unlink write }; class file { create link map unlink write };
class sock_file { create getattr setattr unlink write }; class sock_file { create getattr setattr unlink write };
} }
#============= httpd_t ============== #============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t devpts_t:chr_file open; allow httpd_t devpts_t:chr_file open;
allow httpd_t ptmx_t:chr_file { getattr ioctl open read write }; allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
allow httpd_t etc_t:dir { add_name remove_name setattr write }; allow httpd_t etc_t:dir { add_name remove_name setattr write };
allow httpd_t etc_t:file { create link unlink write }; allow httpd_t etc_t:file { create link unlink write };
allow httpd_t etc_t:sock_file { create getattr setattr unlink write }; allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
allow httpd_t rpm_var_lib_t:file map;