|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(ttrss, 0.0.1)
|
|
|
+policy_module(ttrss, 0.0.3)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
|
@@ -17,9 +17,26 @@ init_system_domain(ttrss_t, ttrss_exec_t)
|
|
|
#
|
|
|
# Local policy
|
|
|
#
|
|
|
+
|
|
|
+allow ttrss_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
|
|
|
+allow ttrss_t self:tcp_socket { connect create getattr getopt read setopt write };
|
|
|
+allow ttrss_t self:udp_socket { connect create getattr read write };
|
|
|
+allow ttrss_t self:unix_stream_socket { connect create read write };
|
|
|
+
|
|
|
+
|
|
|
corenet_tcp_connect_generic_port(ttrss_t)
|
|
|
+corenet_tcp_connect_http_port(ttrss_t)
|
|
|
+files_read_etc_files(ttrss_t)
|
|
|
+miscfiles_read_generic_certs(ttrss_t)
|
|
|
+
|
|
|
apache_manage_sys_content(ttrss_t)
|
|
|
|
|
|
+corecmd_check_exec_shell(ttrss_t)
|
|
|
+corecmd_exec_bin(ttrss_t)
|
|
|
+
|
|
|
+sysnet_read_config(ttrss_t)
|
|
|
+miscfiles_read_localization(ttrss_t)
|
|
|
+
|
|
|
mysql_tcp_connect(ttrss_t)
|
|
|
mysql_stream_connect(ttrss_t)
|
|
|
|
