[BackupPC] add dir read to selinux context
Bernard Johnson
bjohnson at fedoraproject.org
Thu Sep 22 05:25:07 UTC 2011
commit 39950154b2696fda070564707c88a7d8440faeff
Author: Bernard Johnson <bjohnson at symetrix.com>
Date: Wed Sep 21 23:24:17 2011 -0600
add dir read to selinux context
BackupPC.spec | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/BackupPC.spec b/BackupPC.spec
index 00e1d36..1bcfb59 100644
--- a/BackupPC.spec
+++ b/BackupPC.spec
@@ -103,7 +103,7 @@ cp %{SOURCE4} BackupPC_Admin.c
pushd selinux
cat >%{name}.te <<EOF
-policy_module(%{name},0.0.4)
+policy_module(%{name},0.0.5)
require {
type var_log_t;
type httpd_t;
@@ -118,6 +118,7 @@ require {
class sock_file getattr;
type httpd_log_t;
class file open;
+ class dir read;
}
allow httpd_t var_run_t:sock_file write;
@@ -127,6 +128,7 @@ allow httpd_t sendmail_exec_t:file getattr;
allow httpd_t ssh_exec_t:file getattr;
allow httpd_t var_run_t:sock_file getattr;
allow httpd_t httpd_log_t:file open;
+allow httpd_t httpd_log_t:dir read;
EOF
cat >%{name}.fc <<EOF
@@ -330,10 +332,11 @@ fi
%endif
%changelog
-* Mon Sep 19 2011 Bernard Johnson <bjohnson at symetrix.com> - 3.2.1-5
+* Wed Sep 21 2011 Bernard Johnson <bjohnson at symetrix.com> - 3.2.1-6
- fix postun scriptlet error (bz #736946)
- make postun scriptlet more coherent
-- change selinux context on log files to httpd_log_t (bz #730704)
+- change selinux context on log files to httpd_log_t and allow access
+ to them (bz #730704)
* Fri Aug 12 2011 Bernard Johnson <bjohnson at symetrix.com> - 3.2.1-4
- change macro conditionals to include tmpfiles.d support starting at
More information about the scm-commits
mailing list