apache: add nginx to policy
This is better than the current status quo of running nginx under initrc_t, a lot of other webservers are already under the apache policy (e.g. lighttpd) and this requires no additional permissions. See also the discussion from March 2013 on the selinux-refpolicy mailing list: https://lore.kernel.org/selinux-refpolicy/20110318110259.GA25236@localhost.localdomain/ Signed-off-by: bauen1 <j2468h@gmail.com>
This commit is contained in:
parent
a7a327a921
commit
6b90780fdd
|
@ -7,6 +7,7 @@ HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:obje
|
|||
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/cherokee(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/drupal.* gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||
/etc/nginx(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/glpi(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||
/etc/hiawatha(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/horde(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||
|
@ -78,6 +79,7 @@ HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:obje
|
|||
/usr/sbin/httpd\.event -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/nginx -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
|
||||
/usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/sbin/wigwam -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
|
@ -97,6 +99,9 @@ ifdef(`distro_suse',`
|
|||
/usr/share/mythweb/mythweb\.pl gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/usr/share/mythtv/data(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/usr/share/nginx/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/usr/share/nginx/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/share/nginx/modules-available(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/usr/share/postfixadmin/templates_c(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||
|
@ -135,6 +140,7 @@ ifdef(`distro_suse',`
|
|||
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||
/var/lib/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||
/var/lib/nginx(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||
/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_runtime_t,s0)
|
||||
/var/lib/pootle/po(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||
/var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||
|
@ -159,6 +165,7 @@ ifdef(`distro_suse',`
|
|||
/var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/lighttpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/nginx(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/piranha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/roundcubemail(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/suphp\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
|
|
Loading…
Reference in New Issue