From: Ralf Ertzinger
Date: Thu, 22 Oct 2020 12:52:38 +0000 (+0000)
Subject: Merge branch 'master' of ssh://git.camperquake.de:22003/selinux
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=446b2f15d8df0ac602a0231fedf8f3da5d06b1ce;hp=730daf0fd8a25c47bb5715f2c9d6a232b7dae8f0

Merge branch 'master' of ssh://git.camperquake.de:22003/selinux
---
diff --git a/httpd-unix-sock/httpd-unix-sock.fc b/httpd-unix-sock/httpd-unix-sock.fc
new file mode 100644
index 0000000..e69de29
diff --git a/httpd-unix-sock/httpd-unix-sock.if b/httpd-unix-sock/httpd-unix-sock.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/httpd-unix-sock/httpd-unix-sock.if
@@ -0,0 +1 @@
+##
diff --git a/httpd-unix-sock/httpd-unix-sock.te b/httpd-unix-sock/httpd-unix-sock.te
new file mode 100644
index 0000000..ef11af9
--- /dev/null
+++ b/httpd-unix-sock/httpd-unix-sock.te
@@ -0,0 +1,10 @@
+policy_module(httpd-unix-sock, 0.0.1)
+
+require {
+ type httpd_t;
+ type unconfined_service_t;
+}
+
+files_search_pids(httpd_t);
+files_write_generic_pid_pipes(httpd_t);
+allow httpd_t unconfined_service_t:unix_stream_socket { getattr connectto };
diff --git a/subsonic/subsonic.te b/subsonic/subsonic.te
index 0b8aa93..b498825 100644
--- a/subsonic/subsonic.te
+++ b/subsonic/subsonic.te
@@ -1,4 +1,4 @@
-policy_module(subsonic, 0.1.69)
+policy_module(subsonic, 0.1.73)
 require {
 type init_t;
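Review bot: The last added line of httpd-unix-sock/httpd-unix-sock.te, `allow httpd_t unconfined_service_t:unix_stream_socket { getattr connectto };`, lets the confined web server connect to the stream socket of every process running as unconfined_service_t, not only the one backend this module is presumably written for. That widens what a compromised httpd can reach to any service on the host that has no policy of its own and listens on a Unix socket. Giving the backend its own domain and socket file type and scoping the grant to them, e.g. `stream_connect_pattern(httpd_t, BACKEND_RUNTIME_TYPE, BACKEND_RUNTIME_TYPE, BACKEND_DOMAIN_TYPE)` (all three are placeholders), keeps the rule to that one service. At minimum a comment above the rule naming the service and its socket path would make the intent reviewable, and `files_write_generic_pid_pipes(httpd_t);` is similarly generic and deserves the same comment.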
@@ -46,20 +46,23 @@ _sky_java_process(subsonic_t)
 read_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
 read_lnk_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+mmap_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+
 read_files_pattern(subsonic_t, public_content_t, public_content_t)
 read_lnk_files_pattern(subsonic_t, public_content_t, public_content_t)
-mmap_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
+mmap_files_pattern(subsonic_t, public_content_t, public_content_t)
 manage_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
 manage_dirs_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
 manage_lnk_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
-manage_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
 mmap_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
+manage_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
+mmap_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
+
 sysnet_dns_name_resolve(subsonic_t)
 sssd_read_public_files(subsonic_t)
 dev_read_rand(subsonic_t)
 dev_read_sysfs(subsonic_t)
-
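Review bot: The added `mmap_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)` sits directly beside `manage_files_pattern` for the same type, so subsonic_t can both write and map those files, and public_content_rw_t is a shared label that other services are commonly allowed to write. In the reference-policy support macros as I know them, mmap_files_pattern expands to a permission set that also contains `execute`; this should be confirmed against the policy version the module builds against. If the Java process only needs to map media for reading, a narrower grant such as `allow subsonic_t public_content_rw_t:file map;` (or `mmap_read_files_pattern` where the policy provides it) avoids a writable-and-executable combination. The same question applies to the new public_content_t line, where it matters less because this hunk gives subsonic_t only read access to that type.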