rpms / selinux-policy

Clone
Source Code
GIT

Blame policy/modules/services/bugzilla.if

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   4192c80c13b83eca126a4d33256270655b3bcff6
  2.   policy
  3.   modules
  4.   services
  5.   bugzilla.if
Blob History Raw
Dan Walsh 3eaa99 
## <summary>Bugzilla server</summary>
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Dan Walsh 3eaa99 
##	Allow the specified domain to search
Dan Walsh 3eaa99 
##	bugzilla directories.
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Domain allowed access.
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`bugzilla_search_dirs',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
		type httpd_bugzilla_content_t;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
Dan Walsh 3eaa99 
')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Dan Walsh 3eaa99 
##	Do not audit attempts to read and write
Dan Walsh 3eaa99 
##	bugzilla script unix domain stream sockets.
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Domain allowed access.
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`bugzilla_dontaudit_rw_script_stream_sockets',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
		type httpd_bugzilla_script_t;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
Dan Walsh 3eaa99 
')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Dan Walsh 3eaa99 
##	All of the rules required to administrate
Dan Walsh 3eaa99 
##	an bugzilla environment
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Domain allowed access.
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
## <param name="role">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	The role to be allowed to manage the bugzilla domain.
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
## <rolecap/>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`bugzilla_admin',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
		type httpd_bugzilla_script_t;
Dan Walsh 3eaa99 
		type httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
Dan Walsh 3eaa99 
		type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t;
Dan Walsh 3eaa99 
		type httpd_bugzilla_script_exec_t, httpd_bugzilla_htaccess_t;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	allow $1 httpd_bugzilla_script_t:process { ptrace signal_perms };
Dan Walsh 3eaa99 
	ps_process_pattern($1, httpd_bugzilla_script_t)
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	files_list_tmp($1)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_tmp_t)
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	files_search_var_lib(httpd_bugzilla_script_t)
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	apache_search_sys_content($1)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_script_exec_t)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_script_t)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_content_t)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_htaccess_t)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_rw_content_t)
Dan Walsh 3eaa99 
	admin_pattern($1, httpd_bugzilla_ra_content_t)
Dan Walsh 3eaa99 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation