Let gruntmasterd_t connect to DNS and HTTP
authorMarius Gavrilescu <marius@ieval.ro>
Tue, 11 Feb 2014 12:20:09 +0000 (14:20 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Tue, 11 Feb 2014 19:55:13 +0000 (21:55 +0200)
selinux/gruntmasterd.te

index 9bcba33..1cb8f12 100644 (file)
@@ -11,10 +11,12 @@ define(`gruntmaster_everything',  `domain_everything_files(gruntmasterd_t, $1)')
 
 require{
        type bin_t;
+       type http_port_t;
        type httpd_sys_content_rw_t;
        type httpd_sys_content_t;
        type httpd_t;
        type httpd_tmp_t;
+       type net_conf_t;
        type port_t;
        type proc_t;
        type urandom_device_t;
@@ -65,6 +67,9 @@ allow gruntmasterd_t self:fifo_file everything_file_perms;
 allow gruntmasterd_t urandom_device_t:chr_file read_file_perms;
 allow gruntmasterd_t { gruntmaster_compile_exec_t gruntmaster_job_exec_t } : file execute;
 allow gruntmasterd_t port_t:tcp_socket name_connect;
+allow gruntmasterd_t http_port_t:tcp_socket name_connect;
+allow gruntmasterd_t net_conf_t:file { read getattr open };
+allow gruntmasterd_t self:udp_socket { write read create connect getattr };
 allow gruntmasterd_t self:tcp_socket { read write create ioctl connect };
 dontaudit gruntmasterd_t { gruntmaster_compile_t gruntmaster_job_t } : process noatsecure;
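Review bot: The DNS rules added after `allow gruntmasterd_t port_t:tcp_socket name_connect;` cover only UDP resolution, so a resolver retry over TCP (truncated or large answers) would presumably still be denied. Assuming reference-policy port labelling, port 53 is `dns_port_t`, which neither `port_t` nor the new `http_port_t` rule matches. Either add `allow gruntmasterd_t dns_port_t:tcp_socket name_connect;` with a matching `type dns_port_t;` in the require block, or replace the hand-written rules with the policy interfaces `sysnet_dns_name_resolve(gruntmasterd_t)` and `corenet_tcp_connect_http_port(gruntmasterd_t)`, which also avoids requiring types owned by other modules. The resolve interface grants somewhat more than the permissions listed here, so weigh it against least privilege for this domain. A comment such as `# outbound HTTP: <reason the daemon connects out>` above the `http_port_t` rule would let a later audit decide whether the grant is still needed.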
 