commit: 0a38de932f0c01b5d7850f72437215fa50dc97d7 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Sat Jun 21 18:35:44 2014 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sat Jun 21 18:35:44 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0a38de93 |
|
Fix bug #513362 - Support hiawatha within httpd_t domain |
|
--- |
policy/modules/contrib/apache.fc | 15 +++++++++++++++ |
policy/modules/contrib/apache.te | 17 +++++++++++++++-- |
2 files changed, 30 insertions(+), 2 deletions(-) |
|
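diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc
index ff4abce..ab4a625 100644
--- a/policy/modules/contrib/apache.fc
+++ b/policy/modules/contrib/apache.fc
@@ -166,4 +166,19 @@ ifdef(`distro_suse',`
 
 ifdef(`distro_gentoo',`
 /usr/share/build-1/libtool -- gen_context(system_u:object_r:bin_t,s0)
+
+# Support for Hiawatha bug 513362
+/etc/hiawatha(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
+
+/etc/rc\.d/init\.d/hiawatha -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
+
+/usr/bin/ssi-cgi -- gen_context(system_u:object_r:httpd_exec_t,s0)
+
+/usr/sbin/cgi-wrapper -- gen_context(system_u:object_r:httpd_exec_t,s0)
+/usr/sbin/hiawatha -- gen_context(system_u:object_r:httpd_exec_t,s0)
+/usr/sbin/wigwam -- gen_context(system_u:object_r:httpd_exec_t,s0)
+
+/var/lib/hiawatha(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
+
+/var/log/hiawatha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
 ')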
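Review bot: `/usr/sbin/cgi-wrapper` gets `httpd_exec_t`, the same entry-point label as the `hiawatha` server binary, so it would run in `httpd_t` rather than in a separately confined helper domain. If, as I understand it, Hiawatha's cgi-wrapper is the setuid helper that switches user before running CGI programs, its role is closer to Apache's suexec, which refpolicy's apache module labels `httpd_suexec_exec_t`; that label or a dedicated type would keep the privilege-changing helper out of the main daemon domain. The same question applies to `/usr/sbin/wigwam` and `/usr/bin/ssi-cgi`: if they are helper or admin tools rather than daemons, `httpd_exec_t` makes them entry points into `httpd_t`. A short comment above each entry saying what the binary is would make the labelling reviewable.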
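diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index 4faa22c..c4264c4 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -1427,6 +1427,19 @@ optional_policy(`
 ')
 
 ifdef(`distro_gentoo',`
- init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex")
- init_daemon_run_dir(httpd_var_run_t, "apache2")
+## <desc>
+## <p>
+## Enable specific permissions for the Hiawatha web server
+## </p>
+## </desc>
+gen_tunable(hiawatha_httpd, false)
+
+init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex")
+init_daemon_run_dir(httpd_var_run_t, "apache2")
+
+tunable_policy(`hiawatha_httpd',`
+ # bug 513362
+ allow httpd_t self:capability fowner;
+')
+
 ')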
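Review bot: The `allow httpd_t self:capability fowner;` rule is justified only by `# bug 513362`, which does not tell a later reader which operation needs the capability. `fowner` lets a process skip the file-owner check on operations such as chmod and utime for any file its type can already reach, and because `hiawatha_httpd` is a global boolean, the grant applies to every process in `httpd_t`, not only hiawatha. I would expand the comment to something like `# bug 513362: hiawatha needs CAP_FOWNER to <operation from the AVC denial in the bug>`. The `<desc>` text should also say that enabling the boolean grants `httpd_t` the fowner capability, so an administrator knows what they are enabling.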