Update local_zoneminder.te

Changes based on forum feedback
Andrew Bauer 2014-02-22 15:39:10 -06:00
parent c3200dfec7
commit bc4630fddc
1 changed files with 54 additions and 3 deletions


@ -1,7 +1,33 @@
module local_zoneminder 1.0; module local_zoneminder 1.1;
require { require {
type afs_ka_port_t;
type netsupport_port_t;
type port_t;
type presence_port_t;
type postfix_pickup_t;
type httpd_t;
type var_lib_t;
type ionixnetmon_port_t;
type glance_port_t;
type mmcc_port_t;
type postfix_master_t;
type commplex_port_t;
type syslogd_port_t;
type dcc_port_t;
type sip_port_t;
type amqp_port_t;
type condor_port_t;
type afs_fs_port_t;
type nodejs_debug_port_t;
type httpd_var_lib_t;
type websm_port_t;
type afs_pt_port_t;
type postfix_qmgr_t;
type git_port_t;
type ipp_port_t;
type aol_port_t;
type unconfined_t; type unconfined_t;
type kernel_t; type kernel_t;
type init_t; type init_t;
@ -24,10 +50,11 @@ require {
type dhcpc_t; type dhcpc_t;
type v4l_device_t; type v4l_device_t;
type file_t; type file_t;
class sock_file write; class sock_file { write create unlink };
class unix_stream_socket { read connectto }; class unix_stream_socket { read connectto };
class lnk_file { write getattr read lock unlink }; class lnk_file { write create getattr read lock unlink };
class dir search; class dir search;
class udp_socket name_bind;
class file { write getattr read lock unlink open }; class file { write getattr read lock unlink open };
class shm { unix_read unix_write associate read write getattr }; class shm { unix_read unix_write associate read write getattr };
class chr_file getattr; class chr_file getattr;
@ -70,3 +97,27 @@ allow httpd_t unconfined_t:dir search;
allow httpd_t unconfined_t:file { read getattr open }; allow httpd_t unconfined_t:file { read getattr open };
allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink }; allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink };
allow httpd_t v4l_device_t:chr_file getattr; allow httpd_t v4l_device_t:chr_file getattr;
allow httpd_t afs_fs_port_t:udp_socket name_bind;
allow httpd_t afs_ka_port_t:udp_socket name_bind;
allow httpd_t afs_pt_port_t:udp_socket name_bind;
allow httpd_t amqp_port_t:udp_socket name_bind;
allow httpd_t aol_port_t:udp_socket name_bind;
allow httpd_t commplex_port_t:udp_socket name_bind;
allow httpd_t condor_port_t:udp_socket name_bind;
allow httpd_t dcc_port_t:udp_socket name_bind;
allow httpd_t git_port_t:udp_socket name_bind;
allow httpd_t glance_port_t:udp_socket name_bind;
allow httpd_t httpd_var_lib_t:lnk_file create;
allow httpd_t ionixnetmon_port_t:udp_socket name_bind;
allow httpd_t ipp_port_t:udp_socket name_bind;
allow httpd_t mmcc_port_t:udp_socket name_bind;
allow httpd_t netsupport_port_t:udp_socket name_bind;
allow httpd_t nodejs_debug_port_t:udp_socket name_bind;
allow httpd_t port_t:udp_socket name_bind;
allow httpd_t postfix_master_t:dir search;
allow httpd_t postfix_master_t:file { read getattr open };
allow httpd_t postfix_pickup_t:dir search;
allow httpd_t postfix_pickup_t:file { read getattr open };
allow httpd_t postfix_qmgr_t:dir search;
allow httpd_t postfix_qmgr_t:file { read getattr open };
allow httpd_t presence_port_t:udp_socket name_bind;
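Review bot: The `udp_socket name_bind` rules added in the last hunk (`@ -70,3 +97,27 @`) let every process running as `httpd_t`, not only ZoneMinder, bind UDP sockets on ports labelled for unrelated services (`git_port_t`, `ipp_port_t`, `nodejs_debug_port_t`, …) and, through `port_t`, on any unlabelled port. The list reads like collected AVC denials, presumably from sockets bound to arbitrary UDP ports, so it is broader than intended and also incomplete: a bind that lands in another labelled range will be denied again. If that is the cause, fixing the UDP port range in use and labelling it with one dedicated port type would replace these rules with a single allow; at minimum add a comment such as `# UDP binds seen in AVC denials; the port types are incidental, not services ZoneMinder talks to`. The `postfix_master_t`, `postfix_pickup_t` and `postfix_qmgr_t` rules (`dir search`, `file { read getattr open }`) look like reads of other processes' entries, probably under /proc, and may be better expressed as `dontaudit` than `allow` once confirmed against the denials.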