[rOCCI-server] New rule needed in SELinux policy.
František Dvořák
valtri at fedoraproject.org
Wed Feb 18 17:19:06 UTC 2015
commit 653644379d92c6edffceb50411077c523f0d569f
Author: František Dvořák <valtri at civ.zcu.cz>
Date: Tue Feb 17 22:50:37 2015 +0100
New rule needed in SELinux policy.
rocci_server.te | 8 +++-----
1 files changed, 3 insertions(+), 5 deletions(-)
---
diff --git a/rocci_server.te b/rocci_server.te
index 875249a..ca36137 100644
--- a/rocci_server.te
+++ b/rocci_server.te
@@ -1,4 +1,4 @@
-module rocci_server 1.0.1;
+module rocci_server 1.0.2;
require {
type anon_inodefs_t;
@@ -34,10 +34,8 @@ allow httpd_t passenger_tmp_t:sock_file write;
# Fedora >= 22
allow httpd_t pki_ocsp_port_t:tcp_socket name_bind;
-allow httpd_t passenger_log_t:dir add_name;
-allow httpd_t passenger_log_t:dir write;
-allow httpd_t passenger_log_t:file create;
-allow httpd_t passenger_log_t:file open;
+allow httpd_t passenger_log_t:dir { add_name write};
+allow httpd_t passenger_log_t:file { create open write };
# This avc can be allowed using the boolean 'httpd_run_stickshift' (if anybody
# knows what that boolean does :-))
allow httpd_t passenger_var_lib_t:dir read;
More information about the scm-commits
mailing list