|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(acme-updater, 0.1.10)
|
|
|
+policy_module(acme-updater, 0.1.11)
|
|
|
|
|
|
#################################
|
|
|
#
|
|
@@ -15,8 +15,8 @@ init_system_domain(acmeupdater_t, acmeupdater_exec_t)
|
|
|
#
|
|
|
|
|
|
allow acmeupdater_t self:capability { dac_read_search dac_override sys_resource };
|
|
|
+allow acmeupdater_t self:process setrlimit;
|
|
|
|
|
|
-apache_manage_config(acmeupdater_t)
|
|
|
corecmd_exec_bin(acmeupdater_t)
|
|
|
corecmd_exec_shell(acmeupdater_t)
|
|
|
|
|
@@ -42,6 +42,7 @@ read_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
read_lnk_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
|
|
|
|
|
|
apache_manage_config(acmeupdater_t)
|
|
|
+apache_domtrans(acmeupdater_t)
|
|
|
|
|
|
gen_require(`
|
|
|
type httpd_initrc_exec_t;
|