Update local_zoneminder.te
Changes based on forum feedback
parent
c3200dfec7
commit
bc4630fddc
|
@ -1,7 +1,33 @@
|
|||
|
||||
module local_zoneminder 1.0;
|
||||
module local_zoneminder 1.1;
|
||||
|
||||
require {
|
||||
type afs_ka_port_t;
|
||||
type netsupport_port_t;
|
||||
type port_t;
|
||||
type presence_port_t;
|
||||
type postfix_pickup_t;
|
||||
type httpd_t;
|
||||
type var_lib_t;
|
||||
type ionixnetmon_port_t;
|
||||
type glance_port_t;
|
||||
type mmcc_port_t;
|
||||
type postfix_master_t;
|
||||
type commplex_port_t;
|
||||
type syslogd_port_t;
|
||||
type dcc_port_t;
|
||||
type sip_port_t;
|
||||
type amqp_port_t;
|
||||
type condor_port_t;
|
||||
type afs_fs_port_t;
|
||||
type nodejs_debug_port_t;
|
||||
type httpd_var_lib_t;
|
||||
type websm_port_t;
|
||||
type afs_pt_port_t;
|
||||
type postfix_qmgr_t;
|
||||
type git_port_t;
|
||||
type ipp_port_t;
|
||||
type aol_port_t;
|
||||
type unconfined_t;
|
||||
type kernel_t;
|
||||
type init_t;
|
||||
|
@ -24,10 +50,11 @@ require {
|
|||
type dhcpc_t;
|
||||
type v4l_device_t;
|
||||
type file_t;
|
||||
class sock_file write;
|
||||
class sock_file { write create unlink };
|
||||
class unix_stream_socket { read connectto };
|
||||
class lnk_file { write getattr read lock unlink };
|
||||
class lnk_file { write create getattr read lock unlink };
|
||||
class dir search;
|
||||
class udp_socket name_bind;
|
||||
class file { write getattr read lock unlink open };
|
||||
class shm { unix_read unix_write associate read write getattr };
|
||||
class chr_file getattr;
|
||||
|
@ -70,3 +97,27 @@ allow httpd_t unconfined_t:dir search;
|
|||
allow httpd_t unconfined_t:file { read getattr open };
|
||||
allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink };
|
||||
allow httpd_t v4l_device_t:chr_file getattr;
|
||||
allow httpd_t afs_fs_port_t:udp_socket name_bind;
|
||||
allow httpd_t afs_ka_port_t:udp_socket name_bind;
|
||||
allow httpd_t afs_pt_port_t:udp_socket name_bind;
|
||||
allow httpd_t amqp_port_t:udp_socket name_bind;
|
||||
allow httpd_t aol_port_t:udp_socket name_bind;
|
||||
allow httpd_t commplex_port_t:udp_socket name_bind;
|
||||
allow httpd_t condor_port_t:udp_socket name_bind;
|
||||
allow httpd_t dcc_port_t:udp_socket name_bind;
|
||||
allow httpd_t git_port_t:udp_socket name_bind;
|
||||
allow httpd_t glance_port_t:udp_socket name_bind;
|
||||
allow httpd_t httpd_var_lib_t:lnk_file create;
|
||||
allow httpd_t ionixnetmon_port_t:udp_socket name_bind;
|
||||
allow httpd_t ipp_port_t:udp_socket name_bind;
|
||||
allow httpd_t mmcc_port_t:udp_socket name_bind;
|
||||
allow httpd_t netsupport_port_t:udp_socket name_bind;
|
||||
allow httpd_t nodejs_debug_port_t:udp_socket name_bind;
|
||||
allow httpd_t port_t:udp_socket name_bind;
|
||||
allow httpd_t postfix_master_t:dir search;
|
||||
allow httpd_t postfix_master_t:file { read getattr open };
|
||||
allow httpd_t postfix_pickup_t:dir search;
|
||||
allow httpd_t postfix_pickup_t:file { read getattr open };
|
||||
allow httpd_t postfix_qmgr_t:dir search;
|
||||
allow httpd_t postfix_qmgr_t:file { read getattr open };
|
||||
allow httpd_t presence_port_t:udp_socket name_bind;
|
||||
|
|
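Review bot: The `udp_socket name_bind` rules in the last hunk, ending with `allow httpd_t port_t:udp_socket name_bind;`, let anything running as httpd_t bind UDP sockets on every port that carries the default `port_t` label, plus a scatter of service-labelled ports (afs, amqp, git, ipp, nodejs debug and others). That reads like audit2allow output from a process picking random ports rather than a chosen set. If these are ZoneMinder's stream sockets, a narrower policy would fix the UDP range in the application's configuration, label that range with one dedicated port type via `semanage port`, and allow `name_bind` on that type only. The `postfix_master_t`, `postfix_pickup_t` and `postfix_qmgr_t` dir/file rules target process domains, so they presumably cover reads of those daemons' /proc entries; `dontaudit httpd_t postfix_master_t:dir search;` (and likewise for the others) would silence the denials without granting the access. A short comment above each group naming the ZoneMinder action that produced the denial would help the next reviewer decide what can be dropped.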