|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(acme-updater, 0.1.13)
|
|
|
+policy_module(acme-updater, 0.1.14)
|
|
|
|
|
|
#################################
|
|
|
#
|
|
@@ -39,54 +39,71 @@ kernel_read_system_state(acmeupdater_t)
|
|
|
|
|
|
dev_read_urand(acmeupdater_t)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type acmetool_var_lib_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type acmetool_var_lib_t;
|
|
|
+ ')
|
|
|
+ search_dirs_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
+ read_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
+ read_lnk_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
')
|
|
|
-search_dirs_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
-read_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
-read_lnk_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
|
|
|
apache_manage_config(acmeupdater_t)
|
|
|
apache_domtrans(acmeupdater_t)
|
|
|
|
|
|
jabber_admin(acmeupdater_t, system_r)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type httpd_initrc_exec_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type httpd_initrc_exec_t;
|
|
|
+ ')
|
|
|
+ init_labeled_script_domtrans(acmeupdater_t, httpd_initrc_exec_t)
|
|
|
')
|
|
|
-init_labeled_script_domtrans(acmeupdater_t, httpd_initrc_exec_t)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type dovecot_cert_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type dovecot_cert_t;
|
|
|
+ ')
|
|
|
+ manage_files_pattern(acmeupdater_t, dovecot_cert_t, dovecot_cert_t)
|
|
|
')
|
|
|
-manage_files_pattern(acmeupdater_t, dovecot_cert_t, dovecot_cert_t)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type dovecot_initrc_exec_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type dovecot_initrc_exec_t;
|
|
|
+ ')
|
|
|
+ init_labeled_script_domtrans(acmeupdater_t, dovecot_initrc_exec_t)
|
|
|
')
|
|
|
-init_labeled_script_domtrans(acmeupdater_t, dovecot_initrc_exec_t)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type postfix_etc_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type postfix_etc_t;
|
|
|
+ ')
|
|
|
+ manage_files_pattern(acmeupdater_t, postfix_etc_t, postfix_etc_t)
|
|
|
')
|
|
|
-manage_files_pattern(acmeupdater_t, postfix_etc_t, postfix_etc_t)
|
|
|
|
|
|
-gen_require(`
|
|
|
- type postfix_initrc_exec_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type postfix_initrc_exec_t;
|
|
|
+ ')
|
|
|
+ init_labeled_script_domtrans(acmeupdater_t, postfix_initrc_exec_t)
|
|
|
')
|
|
|
-init_labeled_script_domtrans(acmeupdater_t, postfix_initrc_exec_t)
|
|
|
|
|
|
optional_policy(`
|
|
|
cron_system_entry(acmeupdater_t, acmeupdater_exec_t)
|
|
|
')
|
|
|
|
|
|
-gen_require(`
|
|
|
- type crond_tmp_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type crond_tmp_t;
|
|
|
+ ')
|
|
|
+ allow acmeupdater_t crond_tmp_t:file { read write getattr ioctl };
|
|
|
')
|
|
|
-allow acmeupdater_t crond_tmp_t:file { read write getattr ioctl };
|
|
|
|
|
|
-gen_require(`
|
|
|
- type named_var_run_t;
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type named_var_run_t;
|
|
|
+ ')
|
|
|
+ search_dirs_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
|
|
|
+ read_files_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
|
|
|
')
|
|
|
-search_dirs_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
|
|
|
-read_files_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
|
|
|
+
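Review bot: The context lines `apache_manage_config(acmeupdater_t)`, `apache_domtrans(acmeupdater_t)` and `jabber_admin(acmeupdater_t, system_r)` in this hunk are still called outside any `optional_policy` block, so the module presumably keeps a hard dependency on the apache and jabber policy modules even though every `gen_require` around them is now optional. If the aim is a module that loads on hosts lacking some of these services, put the two apache calls in one `optional_policy` block and the jabber call in another, the way `cron_system_entry(acmeupdater_t, acmeupdater_exec_t)` is already wrapped. Separately, `jabber_admin` and `manage_files_pattern(acmeupdater_t, postfix_etc_t, postfix_etc_t)` look broader than a certificate updater needs: the first grants administration of the jabber domain, and the second grants create, write and delete on every file labelled `postfix_etc_t`. It is worth confirming whether a dedicated certificate type, or a read/write-only pattern, would be enough, and adding a one-line comment above each block saying which files the updater actually touches.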
|