policy_module(dist_git,1.0.1)

########################################
#
# Declarations
#
# Every type below is only required here, so it must be declared by another
# loaded module. This module adds rules for those types and declares none.

require {
	type git_script_tmp_t;
	type git_system_t;
	type git_user_content_t;
	type httpd_git_script_t;
	type httpd_t;
}

########################################
#
# httpd_git_script_t (by its name, the domain of git scripts started by httpd)
#

# Register git_script_tmp_t as a temporary-file type and let the script domain
# manage regular files carrying that label.
# NOTE(review): only class file is covered and no type transition into
# git_script_tmp_t is visible in this module. Presumably the transition lives
# where the type is declared; confirm.
files_tmp_file(git_script_tmp_t);
allow httpd_git_script_t git_script_tmp_t:file manage_file_perms;

# Directory listing of sysfs.
dev_list_sysfs(httpd_git_script_t);

# Log delivery to syslog.
logging_send_syslog_msg(httpd_git_script_t);

# getattr on every pty and every tty device node.
term_getattr_all_ptys(httpd_git_script_t);
term_getattr_all_ttys(httpd_git_script_t);

# getattr on generic pty devices stays denied, but the denial is not audited.
# Such denials will be absent from the audit log unless dontaudit rules are
# disabled (semodule -DB) while debugging.
term_dontaudit_getattr_generic_ptys(httpd_git_script_t);

########################################
#
# git_system_t (git-daemon)
#
# Read-only access to repository content labelled git_user_content_t:
# directories can be searched and listed, files and symlinks can be read.
# No write, create or unlink permission is granted here.

allow git_system_t git_user_content_t:dir { getattr open read search };
allow git_system_t git_user_content_t:{ file lnk_file } { getattr open read };

# The map permission is pulled in through gen_require inside an optional
# block, presumably so the module still loads on a base policy whose file
# class has no map permission.
optional_policy(`
	gen_require(` class file map; ')
	allow git_system_t git_user_content_t:file map;
')

########################################
#
# httpd_t (git-http-backend)
#
# Same read-only rule set as for git_system_t.
# NOTE(review): the source of these rules is httpd_t, so every process running
# in that domain can read git_user_content_t, not only a git-specific script
# domain. Confirm that this breadth is intended.

allow httpd_t git_user_content_t:dir { getattr open read search };
allow httpd_t git_user_content_t:{ file lnk_file } { getattr open read };

optional_policy(`
	gen_require(` class file map; ')
	allow httpd_t git_user_content_t:file map;
')