Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sat, 21 Jun 2014 18:36:44
Message-Id: 1403375744.0a38de932f0c01b5d7850f72437215fa50dc97d7.swift@gentoo
1 commit: 0a38de932f0c01b5d7850f72437215fa50dc97d7
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sat Jun 21 18:35:44 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 21 18:35:44 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0a38de93
7
8 Fix bug #513362 - Support hiawatha within httpd_t domain
9
10 ---
11 policy/modules/contrib/apache.fc | 15 +++++++++++++++
12 policy/modules/contrib/apache.te | 17 +++++++++++++++--
13 2 files changed, 30 insertions(+), 2 deletions(-)
14
15 diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc
16 index ff4abce..ab4a625 100644
17 --- a/policy/modules/contrib/apache.fc
18 +++ b/policy/modules/contrib/apache.fc
19 @@ -166,4 +166,19 @@ ifdef(`distro_suse',`
20
21 ifdef(`distro_gentoo',`
22 /usr/share/build-1/libtool -- gen_context(system_u:object_r:bin_t,s0)
23 +
24 +# Support for Hiawatha bug 513362
25 +/etc/hiawatha(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
26 +
27 +/etc/rc\.d/init\.d/hiawatha -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
28 +
29 +/usr/bin/ssi-cgi -- gen_context(system_u:object_r:httpd_exec_t,s0)
30 +
31 +/usr/sbin/cgi-wrapper -- gen_context(system_u:object_r:httpd_exec_t,s0)
32 +/usr/sbin/hiawatha -- gen_context(system_u:object_r:httpd_exec_t,s0)
33 +/usr/sbin/wigwam -- gen_context(system_u:object_r:httpd_exec_t,s0)
34 +
35 +/var/lib/hiawatha(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
36 +
37 +/var/log/hiawatha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
38 ')
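Review bot: The helper binaries `/usr/bin/ssi-cgi`, `/usr/sbin/cgi-wrapper` and `/usr/sbin/wigwam` get the same `httpd_exec_t` label as the daemon binary, so each of them is labelled as an entrypoint for the daemon's domain rather than being confined on its own. If cgi-wrapper is the helper that runs CGI programs under another identity, a dedicated type would fit least privilege better, for example `/usr/sbin/cgi-wrapper -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)`, assuming the module's suexec type suits it. wigwam looks like an administrative tool and may not need a daemon label at all; both points need checking against what the binaries actually do. These contexts also apply whether or not the `hiawatha_httpd` tunable from apache.te is enabled, which the `# Support for Hiawatha bug 513362` comment could state.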
39
40 diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
41 index 4faa22c..c4264c4 100644
42 --- a/policy/modules/contrib/apache.te
43 +++ b/policy/modules/contrib/apache.te
44 @@ -1427,6 +1427,19 @@ optional_policy(`
45 ')
46
47 ifdef(`distro_gentoo',`
48 - init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex")
49 - init_daemon_run_dir(httpd_var_run_t, "apache2")
50 +## <desc>
51 +## <p>
52 +## Enable specific permissions for the Hiawatha web server
53 +## </p>
54 +## </desc>
55 +gen_tunable(hiawatha_httpd, false)
56 +
57 +init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex")
58 +init_daemon_run_dir(httpd_var_run_t, "apache2")
59 +
60 +tunable_policy(`hiawatha_httpd',`
61 + # bug 513362
62 + allow httpd_t self:capability fowner;
63 +')
64 +
65 ')
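Review bot: The rule `allow httpd_t self:capability fowner;` has only `# bug 513362` as its rationale, and the tunable description ("Enable specific permissions for the Hiawatha web server") does not tell an administrator which permission is being switched on. fowner lets the domain bypass owner checks on operations such as chmod or utime for files it does not own, so the comment should name the operation that needs it, e.g. `# hiawatha needs fowner for <operation described in bug 513362>`, and the description should read something like `Allow httpd to use the fowner capability (needed by the Hiawatha web server)`. Keeping the grant behind a tunable that defaults to false is the right call; a name in the module's `httpd_` prefix style would be more consistent, if the other tunables in this file follow that convention. The block closed by the `')` in the first context line of the hunk begins outside it.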