mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-27 03:57:27 +01:00
slight tweak to koji-sign sepolicy
This commit is contained in:
parent
53be9f3cbf
commit
7f3a98da18
@ -6,17 +6,18 @@ require {
|
|||||||
type devpts_t;
|
type devpts_t;
|
||||||
type httpd_t;
|
type httpd_t;
|
||||||
type ptmx_t;
|
type ptmx_t;
|
||||||
|
type rpm_var_lib_t;
|
||||||
class chr_file { getattr ioctl open read write };
|
class chr_file { getattr ioctl open read write };
|
||||||
class dir { add_name remove_name setattr write };
|
class dir { add_name remove_name setattr write };
|
||||||
class file { create link unlink write };
|
class file { create link map unlink write };
|
||||||
class sock_file { create getattr setattr unlink write };
|
class sock_file { create getattr setattr unlink write };
|
||||||
}
|
}
|
||||||
|
|
||||||
#============= httpd_t ==============
|
#============= httpd_t ==============
|
||||||
|
|
||||||
#!!!! This avc is allowed in the current policy
|
|
||||||
allow httpd_t devpts_t:chr_file open;
|
allow httpd_t devpts_t:chr_file open;
|
||||||
allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
|
allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
|
||||||
allow httpd_t etc_t:dir { add_name remove_name setattr write };
|
allow httpd_t etc_t:dir { add_name remove_name setattr write };
|
||||||
allow httpd_t etc_t:file { create link unlink write };
|
allow httpd_t etc_t:file { create link unlink write };
|
||||||
allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
|
allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
|
||||||
|
allow httpd_t rpm_var_lib_t:file map;
|
||||||
|
Loading…
Reference in New Issue
Block a user