release-engineering/dist-git
1
0
Fork 0
mirror of https://github.com/release-engineering/dist-git.git synced 2025-02-23 15:02:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

give optional map permission to git_system_t on git_user_content_t

Browse source
This commit is contained in:
clime 2018-01-13 16:40:16 +01:00
parent 43b27145a9
commit 836f41ee80
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
selinux/dist_git.te
View file

@ -31,12 +31,15 @@ term_dontaudit_getattr_generic_ptys(httpd_git_script_t);
allow git_system_t git_user_content_t:dir { search getattr open read };
allow git_system_t git_user_content_t:file { read open getattr };
allow git_system_t git_user_content_t:lnk_file { read open getattr };
optional_policy(`
gen_require(` class file map; ')
allow git_system_t git_user_content_t:file map;
')
# For git-http-backend
allow httpd_t git_user_content_t:dir { search getattr open read };
allow httpd_t git_user_content_t:file { read open getattr };
allow httpd_t git_user_content_t:lnk_file { read open getattr };
optional_policy(`
gen_require(` class file map; ')
allow httpd_t git_user_content_t:file map;