selinux policy

Trevor Batley 2024-09-27 17:12:56 +10:00
parent 2e45c356d8
commit e77b8d2934
2 changed files with 23 additions and 0 deletions

1
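--- a/selinux/README.md
+++ b/selinux/README.md
@@ -0,0 +1 @@
+selinux policy to allow signing of rpms via sign plugin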

22
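--- a/selinux/koji-sign.te
+++ b/selinux/koji-sign.te
@@ -0,0 +1,22 @@
+module koji-sign 1.0;
+require {
+type etc_t;
+type devpts_t;
+type httpd_t;
+type ptmx_t;
+class chr_file { getattr ioctl open read write };
+class dir { add_name remove_name setattr write };
+class file { create link unlink write };
+class sock_file { create getattr setattr unlink write };
+}
+#============= httpd_t ==============
+#!!!! This avc is allowed in the current policy
+allow httpd_t devpts_t:chr_file open;
+allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
+allow httpd_t etc_t:dir { add_name remove_name setattr write };
+allow httpd_t etc_t:file { create link unlink write };
+allow httpd_t etc_t:sock_file { create getattr setattr unlink write };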
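Review bot: The three `etc_t` rules let the web server domain create, write, hard-link and unlink any file, directory entry or socket labelled `etc_t`, which on a typical system covers most of `/etc` and is far more than a signing plugin needs. Presumably the plugin only touches its own key directory; giving that directory a dedicated or existing read-write type through a file-context rule and targeting it instead, for example `allow httpd_t httpd_sys_rw_content_t:file { create link unlink write };` (with matching `dir` and `sock_file` rules), would confine a compromised httpd process to that directory. The `devpts_t` rule is marked as already allowed by the base policy, so it can probably be dropped. The rules look generated from denials; a comment stating which plugin operation needs each one would help later review.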