|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(owncloud, 0.0.6)
|
|
|
+policy_module(owncloud, 0.0.7)
|
|
|
|
|
|
require {
|
|
|
type httpd_sys_content_t;
|
|
|
@@ -20,6 +20,7 @@ allow owncloud_t self:netlink_route_socket { bind create getattr nlmsg_read read
|
|
|
allow owncloud_t self:tcp_socket { connect create getattr getopt read setopt shutdown write };
|
|
|
allow owncloud_t self:udp_socket { connect create getattr read write setopt };
|
|
|
allow owncloud_t self:unix_stream_socket { connect create read write };
|
|
|
+allow owncloud_t self:fifo_file { getattr ioctl read };
|
|
|
|
|
|
corecmd_exec_bin(owncloud_t)
|
|
|
corecmd_exec_shell(owncloud_t)
|
|
|
@@ -36,6 +37,7 @@ apache_manage_sys_content(owncloud_t)
|
|
|
allow owncloud_t httpd_sys_content_t:file map;
|
|
|
|
|
|
miscfiles_read_localization(owncloud_t)
|
|
|
+miscfiles_read_all_certs(owncloud_t)
|
|
|
|
|
|
mysql_stream_connect(owncloud_t)
|
|
|
|
|
|
@@ -45,6 +47,9 @@ allow owncloud_t etc_t:file map;
|
|
|
|
|
|
files_manage_generic_tmp_files(owncloud_t)
|
|
|
|
|
|
+kernel_read_system_state(owncloud_t)
|
|
|
+kernel_read_kernel_sysctls(owncloud_t)
|
|
|
+
|
|
|
optional_policy(`
|
|
|
cron_system_entry(owncloud_t, owncloud_exec_t)
|
|
|
')
|
