policy_module(tomcat, 1.0.0)

########################################
#
# Declarations
#

# Attribute shared by tomcat_t and any derived domains created through
# tomcat_domain_template(); most rules below are granted to the attribute
# so every member domain receives them.
attribute tomcat_domain;

# NOTE(review): tomcat_domain_template() lives in the interface file (not
# shown here); presumably it declares tomcat_t / tomcat_exec_t and adds
# tomcat_t to tomcat_domain — confirm against tomcat.if.
tomcat_domain_template(tomcat)

# Label for the systemd unit file of the service.
type tomcat_unit_file_t;
systemd_unit_file(tomcat_unit_file_t)

#######################################
#
# tomcat local policy
#

# NOTE(review): this makes tomcat_t an unconfined domain whenever the
# unconfined module is present, so the allow rules below place no
# restriction on tomcat_t in that configuration — only the other members
# of tomcat_domain stay confined. Confirm this is intended and not a
# leftover from policy development.
optional_policy(`
	unconfined_domain(tomcat_t)
')

########################################
#
# tomcat domain local policy
#

# Granted to tomcat_t only, not to the tomcat_domain attribute, so derived
# domains do not inherit them. execmem is presumably required by the JVM
# JIT — confirm; it relaxes W^X for this domain.
allow tomcat_t self:process execmem;
allow tomcat_t self:process { signal signull };

# Only tomcat_t may listen/accept on its own TCP sockets; the fifo and
# unix stream socket rules apply to the whole attribute.
allow tomcat_t self:tcp_socket { accept listen };
allow tomcat_domain self:fifo_file rw_fifo_file_perms;
allow tomcat_domain self:unix_stream_socket create_stream_socket_perms;

# we want to stay in the new tomcat domain if the tomcat binary is called from a script
# initrc_t@tomcat_test_exec_t->tomcat_test_t@tomcat_exec_t->tomcat_test_t
# (can_exec only: executing tomcat_exec_t from a tomcat_domain member does
# not transition into tomcat_t)
can_exec(tomcat_domain, tomcat_exec_t)

kernel_read_network_state(tomcat_domain)

corecmd_exec_bin(tomcat_domain)
corecmd_exec_shell(tomcat_domain)

# Bind http, http_cache and mxi TCP ports on any node; connect to http and mxi.
# NOTE(review): a generic-node UDP bind is granted but no UDP port
# interface is listed — confirm it is still needed.
corenet_tcp_bind_generic_node(tomcat_domain)
corenet_udp_bind_generic_node(tomcat_domain)
corenet_tcp_bind_http_port(tomcat_domain)
corenet_tcp_bind_http_cache_port(tomcat_domain)
corenet_tcp_bind_mxi_port(tomcat_domain)
corenet_tcp_connect_http_port(tomcat_domain)
corenet_tcp_connect_mxi_port(tomcat_domain)

# Entropy sources (/dev/random, /dev/urandom) and read access to sysfs.
dev_read_rand(tomcat_domain)
dev_read_urand(tomcat_domain)
dev_read_sysfs(tomcat_domain)

domain_use_interactive_fds(tomcat_domain)

fs_getattr_all_fs(tomcat_domain)
fs_read_hugetlbfs_files(tomcat_domain)


auth_read_passwd(tomcat_domain)

sysnet_dns_name_resolve(tomcat_domain)

# tomcat_search_lib() presumably comes from the tomcat interface file;
# wrapped in optional_policy so the module still builds if it is absent.
optional_policy(`
	tomcat_search_lib(tomcat_domain)
')