|
|
9abe38c |
--- selinux/dirsrv-admin.if 2010-01-20 10:39:35.765329723 -0800
|
|
|
9abe38c |
+++ selinux/dirsrv-admin.if 2010-01-20 11:15:09.351304364 -0800
|
|
|
9abe38c |
@@ -25,7 +25,6 @@
|
|
|
9abe38c |
|
|
|
9abe38c |
files_exec_usr_files(httpd_t)
|
|
|
9abe38c |
files_manage_generic_tmp_files(httpd_t)
|
|
|
9abe38c |
- userdom_rw_user_tmp_files(httpd_t)
|
|
|
9abe38c |
corenet_tcp_connect_generic_port(httpd_t)
|
|
|
9abe38c |
|
|
|
9abe38c |
# Strict policy
|
|
|
9abe38c |
@@ -81,7 +80,7 @@
|
|
|
9abe38c |
|
|
|
9abe38c |
# Allow dirsrv to interact with CGIs
|
|
|
9abe38c |
allow dirsrv_t httpd_dirsrvadmin_script_t:unix_stream_socket { read write };
|
|
|
9abe38c |
- allow dirsrv_t dirsrvadmin_tmp_t:file write;
|
|
|
9abe38c |
+ allow dirsrv_t httpd_dirsrvadmin_script_rw_t:file write;
|
|
|
9abe38c |
|
|
|
9abe38c |
# Allow dirsrv domain to interact with httpd
|
|
|
9abe38c |
allow dirsrv_t httpd_t:fifo_file { write read };
|
|
|
9abe38c |
--- selinux/dirsrv-admin.te 2009-10-22 14:27:21.228545844 -0700
|
|
|
9abe38c |
+++ selinux/dirsrv-admin.te 2009-10-22 14:27:36.348546152 -0700
|
|
|
9abe38c |
@@ -113,9 +113,6 @@
|
|
|
9abe38c |
# The CGI scripts must be able to manage dirsrv-admin
|
|
|
9abe38c |
dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)
|
|
|
9abe38c |
dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)
|
|
|
9abe38c |
-manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
|
|
|
9abe38c |
-manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
|
|
|
9abe38c |
-files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
|
|
|
9abe38c |
|
|
|
9abe38c |
# The CGI scripts must be able to manage the dirsrv
|
|
|
9abe38c |
dirsrv_domtrans(httpd_dirsrvadmin_script_t)
|