Chris PeBenito 31b7c0
#DESC Publicfile - HTTP and FTP file services
Chris PeBenito 31b7c0
# http://cr.yp.to/publicfile.html
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
# Author: petre rodan <kaiowas@gentoo.org>
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
# this policy depends on ucspi-tcp
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
daemon_domain(publicfile)
Chris PeBenito 31b7c0
type publicfile_content_t, file_type, sysadmfile;
Chris PeBenito 31b7c0
domain_auto_trans(initrc_t, publicfile_exec_t, publicfile_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
ifdef(`ucspi-tcp.te', `
Chris PeBenito 31b7c0
domain_auto_trans(utcpserver_t, publicfile_exec_t, publicfile_t)
Chris PeBenito 31b7c0
allow publicfile_t utcpserver_t:tcp_socket { read write };
Chris PeBenito 31b7c0
allow utcpserver_t { ftp_data_port_t ftp_port_t http_port_t }:tcp_socket name_bind;
Chris PeBenito 31b7c0
')
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow publicfile_t initrc_t:tcp_socket { read write };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow publicfile_t self:capability { dac_override setgid setuid sys_chroot };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
r_dir_file(publicfile_t, publicfile_content_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0