| side by side (parent:
07d71f4
)
Let gruntmasterd_t connect to DNS and HTTP
author
Marius Gavrilescu
<marius@ieval.ro>
Tue, 11 Feb 2014 12:20:09 +0000
(14:20 +0200)
committer
Marius Gavrilescu
<marius@ieval.ro>
Tue, 11 Feb 2014 19:55:13 +0000
(21:55 +0200)
selinux/gruntmasterd.te
diff --git
a/selinux/gruntmasterd.te
b/selinux/gruntmasterd.te
index 9bcba33fd3c9a8b48c72bfea46ede7af3c9bcf21..1cb8f1228a5c2437de67c35bc94808d1f435efbd 100644
--- a/
selinux/gruntmasterd.te
+++ b/
selinux/gruntmasterd.te
@@
-11,10
+11,12
@@
define(`gruntmaster_everything', `domain_everything_files(gruntmasterd_t, $1)')
require{
type bin_t;
require{
type bin_t;
+ type http_port_t;
type httpd_sys_content_rw_t;
type httpd_sys_content_t;
type httpd_t;
type httpd_tmp_t;
type httpd_sys_content_rw_t;
type httpd_sys_content_t;
type httpd_t;
type httpd_tmp_t;
+ type net_conf_t;
type port_t;
type proc_t;
type urandom_device_t;
type port_t;
type proc_t;
type urandom_device_t;
@@
-65,6
+67,9
@@
allow gruntmasterd_t self:fifo_file everything_file_perms;
allow gruntmasterd_t urandom_device_t:chr_file read_file_perms;
allow gruntmasterd_t { gruntmaster_compile_exec_t gruntmaster_job_exec_t } : file execute;
allow gruntmasterd_t port_t:tcp_socket name_connect;
allow gruntmasterd_t urandom_device_t:chr_file read_file_perms;
allow gruntmasterd_t { gruntmaster_compile_exec_t gruntmaster_job_exec_t } : file execute;
allow gruntmasterd_t port_t:tcp_socket name_connect;
+allow gruntmasterd_t http_port_t:tcp_socket name_connect;
+allow gruntmasterd_t net_conf_t:file { read getattr open };
+allow gruntmasterd_t self:udp_socket { write read create connect getattr };
allow gruntmasterd_t self:tcp_socket { read write create ioctl connect };
dontaudit gruntmasterd_t { gruntmaster_compile_t gruntmaster_job_t } : process noatsecure;
allow gruntmasterd_t self:tcp_socket { read write create ioctl connect };
dontaudit gruntmasterd_t { gruntmaster_compile_t gruntmaster_job_t } : process noatsecure;
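Review bot: The three allow rules added in the second hunk cover DNS over UDP only; there is no `allow gruntmasterd_t dns_port_t:tcp_socket name_connect;`, so a resolver that retries a truncated answer over TCP would presumably still be denied. If the policy is built against the reference policy, `sysnet_dns_name_resolve(gruntmasterd_t)` and `corenet_tcp_connect_http_port(gruntmasterd_t)` would state the same intent without adding `http_port_t` and `net_conf_t` to the `require{` block, which closes outside the first hunk; confirm both interfaces exist on the target policy version. Note that `http_port_t` usually labels more than port 80, so the grant is wider than the commit title suggests. A comment above the new rules would record the boundary, for example `# network access is for the daemon only; gruntmaster_job_t and gruntmaster_compile_t must not get it`, assuming those domains run submitted code, as their names suggest.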