git://git.camperquake.de / selinux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: 730daf0)
Merge branch 'master' of ssh://git.camperquake.de:22003/selinux
authorRalf Ertzinger <ralf@skytale.net>
Thu, 22 Oct 2020 12:52:38 +0000 (12:52 +0000)
committerRalf Ertzinger <ralf@skytale.net>
Thu, 22 Oct 2020 12:52:38 +0000 (12:52 +0000)
httpd-unix-sock/httpd-unix-sock.fc [new file with mode: 0644] patch | blob
httpd-unix-sock/httpd-unix-sock.if [new file with mode: 0644] patch | blob
httpd-unix-sock/httpd-unix-sock.te [new file with mode: 0644] patch | blob
subsonic/subsonic.te patch | blob | history

diff --git a/httpd-unix-sock/httpd-unix-sock.fc b/httpd-unix-sock/httpd-unix-sock.fc
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/httpd-unix-sock/httpd-unix-sock.if b/httpd-unix-sock/httpd-unix-sock.if
new file mode 100644 (file)
index 0000000..3eb6a30
--- /dev/null
+++ b/httpd-unix-sock/httpd-unix-sock.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/httpd-unix-sock/httpd-unix-sock.te b/httpd-unix-sock/httpd-unix-sock.te
new file mode 100644 (file)
index 0000000..ef11af9
--- /dev/null
+++ b/httpd-unix-sock/httpd-unix-sock.te
@@ -0,0 +1,10 @@
+policy_module(httpd-unix-sock, 0.0.1)
+
+require {
+    type httpd_t;
+    type unconfined_service_t;
+}
+
+files_search_pids(httpd_t);
+files_write_generic_pid_pipes(httpd_t);
+allow httpd_t unconfined_service_t:unix_stream_socket { getattr connectto };
diff --git a/subsonic/subsonic.te b/subsonic/subsonic.te
index 0b8aa93..b498825 100644 (file)
--- a/subsonic/subsonic.te
+++ b/subsonic/subsonic.te
@@ -1,4 +1,4 @@
-policy_module(subsonic, 0.1.69)
+policy_module(subsonic, 0.1.73)
 
 require {
     type init_t;
@@ -46,20 +46,23 @@ _sky_java_process(subsonic_t)
 
 read_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
 read_lnk_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+mmap_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+
 read_files_pattern(subsonic_t, public_content_t, public_content_t)
 read_lnk_files_pattern(subsonic_t, public_content_t, public_content_t)
-mmap_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+mmap_files_pattern(subsonic_t, public_content_t, public_content_t)
 
 manage_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
 manage_dirs_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
 manage_lnk_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
-manage_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
 mmap_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
 
+manage_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
+mmap_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
+
 sysnet_dns_name_resolve(subsonic_t)
 
 sssd_read_public_files(subsonic_t)
 
 dev_read_rand(subsonic_t)
 dev_read_sysfs(subsonic_t)
-
Collection of selinux policy files