[radicale] Add radicale_var_run_t to SELinux policy 1.0.3
Juan Orti
jorti at fedoraproject.org
Tue Feb 24 12:12:22 UTC 2015
commit 883620c1e897fed5aeffce479f1d96a999a5626b
Author: Juan Orti Alcaine <juan.orti at miceliux.com>
Date: Tue Feb 24 13:12:08 2015 +0100
Add radicale_var_run_t to SELinux policy 1.0.3
radicale.fc | 2 ++
radicale.if | 43 ++++++++++++++++++++++++++++++++++++++++++-
radicale.spec | 5 ++++-
radicale.te | 8 +++++++-
4 files changed, 55 insertions(+), 3 deletions(-)
---
diff --git a/radicale.fc b/radicale.fc
index b30a923..5d4a89b 100644
--- a/radicale.fc
+++ b/radicale.fc
@@ -6,6 +6,8 @@
/var/log/radicale(/.*)? gen_context(system_u:object_r:radicale_log_t,s0)
+/var/run/radicale(/.*)? gen_context(system_u:object_r:radicale_var_run_t,s0)
+
/etc/radicale(/.*)? gen_context(system_u:object_r:radicale_etc_t,s0)
#portcon tcp 5232 gen_context(system_u:object_r:radicale_port_t,s0)
diff --git a/radicale.if b/radicale.if
index 8b14795..8fcb228 100644
--- a/radicale.if
+++ b/radicale.if
@@ -155,6 +155,43 @@ interface(`radicale_manage_lib_dirs',`
manage_dirs_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
')
+#####################################
+## <summary>
+## Read radicale pid files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`radicale_read_pid_files',`
+ gen_require(`
+ type radicale_var_run_t;
+ ')
+ files_search_pids($1)
+ read_files_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
+#####################################
+## <summary>
+## Search radicale pid files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+##
+#
+interface(`radicale_search_pid_files',`
+ gen_require(`
+ type radicale_var_run_t;
+ ')
+ files_search_pids($1)
+ search_dirs_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
########################################
## <summary>
## Execute radicale server in the radicale domain.
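Review bot: The summary of radicale_search_pid_files says "Search radicale pid files.", but the body grants `search_dirs_pattern` on radicale_var_run_t, which is directory search only. The summary should read `## Search radicale pid directories.`. The same doc block also carries a stray `##` line after `</param>` that the radicale_read_pid_files header above it does not have; drop it so the two headers match.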
@@ -202,7 +239,8 @@ interface(`radicale_admin',`
type radicale_t;
type radicale_log_t;
type radicale_var_lib_t;
- type radicale_unit_file_t;
+ type radicale_var_run_t;
+ type radicale_unit_file_t;
')
allow $1 radicale_t:process { ptrace signal_perms };
@@ -214,6 +252,9 @@ interface(`radicale_admin',`
files_search_var_lib($1)
admin_pattern($1, radicale_var_lib_t)
+ radicale_search_pid_files($1)
+ radicale_read_pid_files($1)
+
radicale_systemctl($1)
admin_pattern($1, radicale_unit_file_t)
allow $1 radicale_unit_file_t:service all_service_perms;
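Review bot: In radicale_admin the pid type is handled differently from the neighbouring types: the context lines use `files_search_var_lib($1)` with `admin_pattern($1, radicale_var_lib_t)`, while the added lines give the admin domain only search and read on radicale_var_run_t. If the admin role is expected to clean up or relabel stale pid files, `files_search_pids($1)` followed by `admin_pattern($1, radicale_var_run_t)` would match the rest of the interface. If read-only access is deliberate, a one-line comment saying so would help. The `radicale_search_pid_files($1)` call also looks redundant, since read_files_pattern already grants search on the containing directory type. radicale_admin starts before this hunk.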
diff --git a/radicale.spec b/radicale.spec
index fdcf77b..9c34eda 100644
--- a/radicale.spec
+++ b/radicale.spec
@@ -1,6 +1,6 @@
Name: radicale
Version: 0.10
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A simple CalDAV (calendar) and CardDAV (contact) server
Group: Applications/Internet
License: GPLv3+
@@ -191,6 +191,9 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Tue Feb 24 2015 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.10-2
+- Add radicale_var_run_t to SELinux policy 1.0.3
+
* Tue Jan 13 2015 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.10-1
- Version 0.10
diff --git a/radicale.te b/radicale.te
index 0b466a0..f3a259e 100644
--- a/radicale.te
+++ b/radicale.te
@@ -1,4 +1,4 @@
-policy_module(radicale, 1.0.2)
+policy_module(radicale, 1.0.3)
gen_require(`
type httpd_t;
@@ -23,6 +23,9 @@ logging_log_file(radicale_log_t)
type radicale_var_lib_t;
files_type(radicale_var_lib_t)
+type radicale_var_run_t;
+files_pid_file(radicale_var_run_t)
+
type radicale_etc_t;
files_type(radicale_etc_t);
@@ -52,6 +55,9 @@ manage_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
manage_lnk_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
files_var_lib_filetrans(radicale_t, radicale_var_lib_t, { dir file lnk_file })
+manage_files_pattern(radicale_t, radicale_var_run_t, radicale_var_run_t)
+files_pid_filetrans(radicale_t, radicale_var_lib_t, file)
+
domain_use_interactive_fds(radicale_t)
files_read_etc_files(radicale_t)
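Review bot: The added `files_pid_filetrans(radicale_t, radicale_var_lib_t, file)` names the lib type rather than the new pid type, so a file radicale_t creates directly in the pid directory would be labelled radicale_var_lib_t and the new radicale_read_pid_files interface would not cover it. The line should read `files_pid_filetrans(radicale_t, radicale_var_run_t, file)`. The radicale.fc entry for /var/run/radicale only takes effect on relabel, so runtime labelling depends on this transition. If the daemon creates /var/run/radicale itself (not visible here), the hunk would also need `manage_dirs_pattern(radicale_t, radicale_var_run_t, radicale_var_run_t)` and `{ dir file }` in the transition.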