rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
23eaec9c85
selinux-policy/fix_apache.patch
Johannes Segitz b66c2b8ce6 Accepting request 1035580 from home:jsegitz:branches:security:SELinux 
- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

OBS-URL: https://build.opensuse.org/request/show/1035580
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=155
2022-11-14 08:27:42 +00:00

31 lines
943 B
Diff
Raw Blame History

Index: fedora-policy-20221019/policy/modules/contrib/apache.if
===================================================================
--- fedora-policy-20221019.orig/policy/modules/contrib/apache.if
+++ fedora-policy-20221019/policy/modules/contrib/apache.if
@@ -2007,3 +2007,25 @@ interface(`apache_read_semaphores',`
allow $1 httpd_t:sem r_sem_perms;
')
+
+#######################################
+## <summary>
+## Allow the specified domain to execute
+## httpd_sys_content_t and manage httpd_sys_rw_content_t
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`apache_exec_sys_content',`
+ gen_require(`
+ type httpd_sys_content_t;
+ type httpd_sys_rw_content_t;
+ ')
+
+ apache_manage_sys_content_rw($1)
+ filetrans_pattern($1, httpd_sys_content_t, httpd_sys_rw_content_t, { file dir lnk_file })
+ can_exec($1, httpd_sys_content_t)
+')
View Git Blame Copy Permalink