Merge branch 'master' of https://github.com/ZoneMinder/ZoneMinder into debian_dep
This commit is contained in:
commit
61118142b9
|
@ -70,7 +70,8 @@ too much degradation of performance.
|
|||
./utils/zmeditconfigdata.sh ZM_PATH_SWAP /dev/shm
|
||||
./utils/zmeditconfigdata.sh ZM_UPLOAD_FTP_LOC_DIR /var/spool/zoneminder-upload
|
||||
./utils/zmeditconfigdata.sh ZM_OPT_CONTROL yes
|
||||
|
||||
./utils/zmeditconfigdata.sh ZM_CHECK_FOR_UPDATES no
|
||||
./utils/zmeditconfigdata.sh ZM_DYN_SHOW_DONATE_REMINDER no
|
||||
|
||||
%build
|
||||
%cmake \
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
|
||||
module local_zoneminder 1.1;
|
||||
module local_zoneminder 1.2;
|
||||
|
||||
require {
|
||||
type afs_ka_port_t;
|
||||
type netsupport_port_t;
|
||||
type port_t;
|
||||
type presence_port_t;
|
||||
type postfix_master_t;
|
||||
type postfix_qmgr_t;
|
||||
type postfix_pickup_t;
|
||||
type httpd_t;
|
||||
type var_lib_t;
|
||||
|
@ -53,7 +54,7 @@ require {
|
|||
class sock_file { write create unlink };
|
||||
class unix_stream_socket { read connectto };
|
||||
class lnk_file { write create getattr read lock unlink };
|
||||
class dir search;
|
||||
class dir {search getattr };
|
||||
class udp_socket name_bind;
|
||||
class file { write getattr read lock unlink open };
|
||||
class shm { unix_read unix_write associate read write getattr };
|
||||
|
@ -61,41 +62,42 @@ require {
|
|||
}
|
||||
|
||||
#============= httpd_t ==============
|
||||
allow httpd_t auditd_t:dir search;
|
||||
allow httpd_t auditd_t:dir { search getattr };
|
||||
allow httpd_t auditd_t:file { read getattr open };
|
||||
allow httpd_t crond_t:dir search;
|
||||
allow httpd_t crond_t:dir { search getattr };
|
||||
allow httpd_t crond_t:file { read getattr open };
|
||||
allow httpd_t dhcpc_t:dir search;
|
||||
allow httpd_t dhcpc_t:dir { search getattr };
|
||||
allow httpd_t dhcpc_t:file { read getattr open };
|
||||
allow httpd_t getty_t:dir search;
|
||||
allow httpd_t getty_t:dir { search getattr };
|
||||
allow httpd_t getty_t:file { read getattr open };
|
||||
allow httpd_t httpd_log_t:file write;
|
||||
allow httpd_t httpd_var_lib_t:lnk_file { write getattr read lock unlink };
|
||||
allow httpd_t init_t:dir search;
|
||||
allow httpd_t init_t:dir { search getattr };
|
||||
allow httpd_t init_t:file { read getattr open };
|
||||
#!!!! The source type 'httpd_t' can write to a 'file' of the following types:
|
||||
# squirrelmail_spool_t, dirsrvadmin_config_t, httpd_lock_t, dirsrv_config_t, httpd_tmp_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_log_t, zarafa_var_lib_t, dirsrv_var_run_t, httpd_var_lib_t, httpd_var_run_t, passenger_tmp_t, httpd_nutups_cgi_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_dspam_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, httpd_prewikka_rw_content_t, httpd_smokeping_cgi_rw_content_t, passenger_var_run_t, httpd_openshift_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpdcontent, httpd_cobbler_rw_content_t, root_t, httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t
|
||||
#squirrelmail_spool_t, mirrormanager_var_run_t, dirsrvadmin_config_t, httpd_lock_t, httpd_tmp_t, dirsrv_config_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_run_t, dirsrv_var_log_t, httpd_var_lib_t, httpd_var_run_t, zarafa_var_lib_t, httpd_prewikka_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, httpd_smokeping_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_collectd_rw_content_t, cluster_var_lib_t, cluster_var_run_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpdcontent, root_t, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, cluster_conf_t, httpd_bugzilla_rw_content_t, passenger_tmp_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_dspam_rw_content_t
|
||||
|
||||
allow httpd_t initrc_state_t:file { read write getattr unlink open };
|
||||
allow httpd_t initrc_t:unix_stream_socket connectto;
|
||||
allow httpd_t initrc_t:shm { unix_read unix_write associate read write getattr };
|
||||
allow httpd_t initrc_var_run_t:file { read lock open };
|
||||
allow httpd_t kernel_t:dir search;
|
||||
allow httpd_t initrc_var_run_t:file { write read lock open };
|
||||
allow httpd_t kernel_t:dir { search getattr };
|
||||
allow httpd_t kernel_t:file { read getattr open };
|
||||
allow httpd_t mysqld_safe_t:dir search;
|
||||
allow httpd_t mysqld_safe_t:dir { search getattr };
|
||||
allow httpd_t mysqld_safe_t:file { read getattr open };
|
||||
allow httpd_t mysqld_t:dir search;
|
||||
allow httpd_t mysqld_t:dir { search getattr };
|
||||
allow httpd_t mysqld_t:file { read getattr open };
|
||||
allow httpd_t sshd_t:dir search;
|
||||
allow httpd_t sshd_t:dir { search getattr };
|
||||
allow httpd_t sshd_t:file { read getattr open };
|
||||
allow httpd_t syslogd_t:dir search;
|
||||
allow httpd_t syslogd_t:dir { search getattr };
|
||||
allow httpd_t syslogd_t:file { read getattr open };
|
||||
allow httpd_t tmpfs_t:sock_file write;
|
||||
allow httpd_t udev_t:dir search;
|
||||
allow httpd_t udev_t:dir { search getattr };
|
||||
allow httpd_t udev_t:file { read getattr open };
|
||||
allow httpd_t unconfined_t:dir search;
|
||||
allow httpd_t unconfined_t:dir { search getattr };
|
||||
allow httpd_t unconfined_t:file { read getattr open };
|
||||
allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink };
|
||||
allow httpd_t var_lib_t:sock_file { write unlink };
|
||||
allow httpd_t v4l_device_t:chr_file getattr;
|
||||
allow httpd_t afs_fs_port_t:udp_socket name_bind;
|
||||
allow httpd_t afs_ka_port_t:udp_socket name_bind;
|
||||
|
@ -114,10 +116,10 @@ allow httpd_t mmcc_port_t:udp_socket name_bind;
|
|||
allow httpd_t netsupport_port_t:udp_socket name_bind;
|
||||
allow httpd_t nodejs_debug_port_t:udp_socket name_bind;
|
||||
allow httpd_t port_t:udp_socket name_bind;
|
||||
allow httpd_t postfix_master_t:dir search;
|
||||
allow httpd_t postfix_master_t:dir { search getattr };
|
||||
allow httpd_t postfix_master_t:file { read getattr open };
|
||||
allow httpd_t postfix_pickup_t:dir search;
|
||||
allow httpd_t postfix_pickup_t:dir { search getattr };
|
||||
allow httpd_t postfix_pickup_t:file { read getattr open };
|
||||
allow httpd_t postfix_qmgr_t:dir search;
|
||||
allow httpd_t postfix_qmgr_t:dir { search getattr };
|
||||
allow httpd_t postfix_qmgr_t:file { read getattr open };
|
||||
allow httpd_t presence_port_t:udp_socket name_bind;
|
||||
|
|
|
@ -67,6 +67,8 @@ too much degradation of performance.
|
|||
./utils/zmeditconfigdata.sh ZM_PATH_SWAP /dev/shm
|
||||
./utils/zmeditconfigdata.sh ZM_UPLOAD_FTP_LOC_DIR /var/spool/zoneminder-upload
|
||||
./utils/zmeditconfigdata.sh ZM_OPT_CONTROL yes
|
||||
./utils/zmeditconfigdata.sh ZM_CHECK_FOR_UPDATES no
|
||||
./utils/zmeditconfigdata.sh ZM_DYN_SHOW_DONATE_REMINDER no
|
||||
|
||||
%build
|
||||
# Have to override CMAKE_INSTALL_LIBDIR for cmake < 2.8.7 due to this bug:
|
||||
|
|
Loading…
Reference in New Issue