73 lines
3.2 KiB
Plaintext
73 lines
3.2 KiB
Plaintext
|
|
module local_zoneminder 1.0;
|
|
|
|
require {
|
|
type unconfined_t;
|
|
type kernel_t;
|
|
type init_t;
|
|
type auditd_t;
|
|
type mysqld_t;
|
|
type httpd_log_t;
|
|
type syslogd_t;
|
|
type httpd_t;
|
|
type initrc_state_t;
|
|
type initrc_t;
|
|
type var_lib_t;
|
|
type udev_t;
|
|
type mysqld_safe_t;
|
|
type sshd_t;
|
|
type crond_t;
|
|
type getty_t;
|
|
type httpd_var_lib_t;
|
|
type initrc_var_run_t;
|
|
type tmpfs_t;
|
|
type dhcpc_t;
|
|
type v4l_device_t;
|
|
type file_t;
|
|
class sock_file write;
|
|
class unix_stream_socket { read connectto };
|
|
class lnk_file { write getattr read lock unlink };
|
|
class dir search;
|
|
class file { write getattr read lock unlink open };
|
|
class shm { unix_read unix_write associate read write getattr };
|
|
class chr_file getattr;
|
|
}
|
|
|
|
#============= httpd_t ==============
|
|
allow httpd_t auditd_t:dir search;
|
|
allow httpd_t auditd_t:file { read getattr open };
|
|
allow httpd_t crond_t:dir search;
|
|
allow httpd_t crond_t:file { read getattr open };
|
|
allow httpd_t dhcpc_t:dir search;
|
|
allow httpd_t dhcpc_t:file { read getattr open };
|
|
allow httpd_t getty_t:dir search;
|
|
allow httpd_t getty_t:file { read getattr open };
|
|
allow httpd_t httpd_log_t:file write;
|
|
allow httpd_t httpd_var_lib_t:lnk_file { write getattr read lock unlink };
|
|
allow httpd_t init_t:dir search;
|
|
allow httpd_t init_t:file { read getattr open };
|
|
#!!!! The source type 'httpd_t' can write to a 'file' of the following types:
|
|
# squirrelmail_spool_t, dirsrvadmin_config_t, httpd_lock_t, dirsrv_config_t, httpd_tmp_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_log_t, zarafa_var_lib_t, dirsrv_var_run_t, httpd_var_lib_t, httpd_var_run_t, passenger_tmp_t, httpd_nutups_cgi_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_dspam_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, httpd_prewikka_rw_content_t, httpd_smokeping_cgi_rw_content_t, passenger_var_run_t, httpd_openshift_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpdcontent, httpd_cobbler_rw_content_t, root_t, httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t
|
|
|
|
allow httpd_t initrc_state_t:file { read write getattr unlink open };
|
|
allow httpd_t initrc_t:unix_stream_socket connectto;
|
|
allow httpd_t initrc_t:shm { unix_read unix_write associate read write getattr };
|
|
allow httpd_t initrc_var_run_t:file { read lock open };
|
|
allow httpd_t kernel_t:dir search;
|
|
allow httpd_t kernel_t:file { read getattr open };
|
|
allow httpd_t mysqld_safe_t:dir search;
|
|
allow httpd_t mysqld_safe_t:file { read getattr open };
|
|
allow httpd_t mysqld_t:dir search;
|
|
allow httpd_t mysqld_t:file { read getattr open };
|
|
allow httpd_t sshd_t:dir search;
|
|
allow httpd_t sshd_t:file { read getattr open };
|
|
allow httpd_t syslogd_t:dir search;
|
|
allow httpd_t syslogd_t:file { read getattr open };
|
|
allow httpd_t tmpfs_t:sock_file write;
|
|
allow httpd_t udev_t:dir search;
|
|
allow httpd_t udev_t:file { read getattr open };
|
|
allow httpd_t unconfined_t:dir search;
|
|
allow httpd_t unconfined_t:file { read getattr open };
|
|
allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink };
|
|
allow httpd_t v4l_device_t:chr_file getattr;
|