mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-21 17:17:28 +01:00
selinux policy
parent
2e45c356d8
commit
e77b8d2934
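--- a/selinux/README.md
+++ b/selinux/README.md
@@ -0,0 +1 @@
+selinux policy to allow signing of rpms via sign plugin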
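--- a/selinux/koji-sign.te
+++ b/selinux/koji-sign.te
@@ -0,0 +1,22 @@
+
+module koji-sign 1.0;
+
+require {
+type etc_t;
+type devpts_t;
+type httpd_t;
+type ptmx_t;
+class chr_file { getattr ioctl open read write };
+class dir { add_name remove_name setattr write };
+class file { create link unlink write };
+class sock_file { create getattr setattr unlink write };
+}
+
+#============= httpd_t ==============
+
+#!!!! This avc is allowed in the current policy
+allow httpd_t devpts_t:chr_file open;
+allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
+allow httpd_t etc_t:dir { add_name remove_name setattr write };
+allow httpd_t etc_t:file { create link unlink write };
+allow httpd_t etc_t:sock_file { create getattr setattr unlink write };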
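Review bot: The three `etc_t` rules at the end of the module let `httpd_t` create, unlink, hard-link and overwrite files, directory entries and sockets carrying the generic `etc_t` label, the default for content under /etc, so a compromised web server process is no longer kept away from system configuration. The denials look as if they came from the sign plugin's key directory (socket creation plus link/unlink of lock files), though the page does not show where that directory is. Labelling only that directory, e.g. `semanage fcontext -a -t httpd_sys_rw_content_t "<SIGNING_DIR>(/.*)?"` followed by `restorecon -R <SIGNING_DIR>`, and writing the rules against that type would keep the grant scoped to the signing state. The `devpts_t` rule is marked by audit2allow as already allowed, so it and its `require` entry can be dropped. A header comment such as `# Generated from audit2allow for the koji sign plugin; grants httpd_t write access, review before loading` would tell the next maintainer why the module exists.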