Search
j0ke.net Open Build Service
>
Projects
>
Apache
:
Modules
>
apache2-mod_fastcgi
> mod_fastcgi.te
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File mod_fastcgi.te of Package apache2-mod_fastcgi
# Increment for changes module mod_fastcgi 1.0.0; require { type devpts_t; type httpd_t; type httpd_log_t; type httpd_suexec_t; type httpd_sys_script_t; type httpd_var_run_t; class chr_file { ioctl }; class dir { setattr create }; class file { ioctl }; class process { siginh rlimitinh noatsecure }; class sock_file { getattr setattr read write unlink create }; class unix_stream_socket { read write }; }; # Allow mod_fastcgi to manipulate sockets allow httpd_t httpd_var_run_t:sock_file { getattr setattr read write unlink create }; allow httpd_sys_script_t httpd_var_run_t:sock_file { getattr setattr read write unlink create }; # fastcgi is wrapped in suexec, so we need to allow some suexec stuff too allow httpd_suexec_t httpd_t:unix_stream_socket { read write }; allow httpd_suexec_t httpd_suexec_t:process { siginh rlimitinh noatsecure }; allow httpd_suexec_t httpd_sys_script_t:process { siginh rlimitinh noatsecure }; # Allow httpd to create and use files and sockets for communicating with mod_fastcgi allow httpd_t httpd_var_run_t:dir { setattr create }; # These are probably leaked file descriptors (per Atomic mod_fcgi-selinux RPM) dontaudit httpd_t devpts_t:chr_file ioctl; dontaudit httpd_sys_script_t httpd_log_t:file ioctl;