add gitosis from miroslav grepl.
parent
634a13c21f
commit
dbed95369c
|
@ -9,6 +9,7 @@
|
||||||
- Handle unix_chkpwd usage by useradd and groupadd.
|
- Handle unix_chkpwd usage by useradd and groupadd.
|
||||||
- Add missing compatibility aliases for xdm_xserver*_t types.
|
- Add missing compatibility aliases for xdm_xserver*_t types.
|
||||||
- Added modules:
|
- Added modules:
|
||||||
|
gitosis (Miroslav Grepl)
|
||||||
hddtemp (Dan Walsh)
|
hddtemp (Dan Walsh)
|
||||||
kdump (Dan Walsh)
|
kdump (Dan Walsh)
|
||||||
shorewall (Dan Walsh)
|
shorewall (Dan Walsh)
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
|
||||||
|
|
||||||
|
/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
|
|
@ -0,0 +1,45 @@
|
||||||
|
## <summary>Tools for managing and hosting git repositories.</summary>
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Execute a domain transition to run gitosis.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`gitosis_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type gitosis_t, gitosis_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domtrans_pattern($1, gitosis_exec_t, gitosis_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Execute gitosis-serve in the gitosis domain, and
|
||||||
|
## allow the specified role the gitosis domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="role">
|
||||||
|
## <summary>
|
||||||
|
## Role allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`gitosis_run',`
|
||||||
|
gen_require(`
|
||||||
|
type gitosis_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
gitosis_domtrans($1)
|
||||||
|
role $2 types gitosis_t;
|
||||||
|
')
|
||||||
|
|
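Review bot: The `domain` parameter of gitosis_run is documented as `Domain allowed access`, but the interface passes it straight to `gitosis_domtrans($1)`, so it should read `Domain allowed to transition.`, with the trailing period, to match gitosis_domtrans. Refpolicy run interfaces are also normally tagged with `## <rolecap/>` after the last `</param>`, so that the role capability appears in the generated interface documentation. Both are documentation-only changes and do not alter the compiled policy.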
|
@ -0,0 +1,37 @@
|
||||||
|
|
||||||
|
policy_module(gitosis, 1.0.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
type gitosis_t;
|
||||||
|
type gitosis_exec_t;
|
||||||
|
application_domain(gitosis_t, gitosis_exec_t)
|
||||||
|
role system_r types gitosis_t;
|
||||||
|
|
||||||
|
type gitosis_var_lib_t;
|
||||||
|
files_type(gitosis_var_lib_t)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# gitosis local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
allow gitosis_t self:fifo_file rw_fifo_file_perms;
|
||||||
|
|
||||||
|
exec_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
|
manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
|
manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
|
manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
|
|
||||||
|
corecmd_exec_bin(gitosis_t)
|
||||||
|
corecmd_exec_shell(gitosis_t)
|
||||||
|
|
||||||
|
kernel_read_system_state(gitosis_t)
|
||||||
|
|
||||||
|
files_read_usr_files(gitosis_t)
|
||||||
|
files_search_var_lib(gitosis_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(gitosis_t)
|
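Review bot: gitosis_t is granted both `manage_files_pattern` and `exec_files_pattern` on gitosis_var_lib_t, so the domain can create a file under /var/lib/gitosis and then execute it in its own context, and `corecmd_exec_shell(gitosis_t)` is allowed as well. If the execute permission is there only so that repository hooks can run (an assumption, since the commit does not say), a comment above the rule should state it, for example `# gitosis-serve runs git hooks stored under /var/lib/gitosis`. A tighter design would give hook scripts their own type that gitosis_t may execute but not write, so that pushed repository content stays non-executable. That needs a matching entry in the file contexts section, where `/var/lib/gitosis(/.*)?` currently labels everything with the one type.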