|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(gogs, 0.2.8)
|
|
|
+policy_module(gogs, 0.2.9)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
|
@@ -33,7 +33,7 @@ files_type(gogs_ssh_t)
|
|
|
allow gogs_t self:fifo_file { read write getattr };
|
|
|
allow gogs_t self:process { getsched signal sigkill };
|
|
|
allow gogs_t self:tcp_socket { getattr setopt bind create accept listen read write connect getopt };
|
|
|
-allow gogs_t self:udp_socket { connect getattr create setopt };
|
|
|
+allow gogs_t self:udp_socket { connect getattr create setopt write };
|
|
|
allow gogs_t self:fifo_file ioctl;
|
|
|
allow gogs_t gogs_exec_t:file execute_no_trans;
|
|
|
allow gogs_t gogs_var_lib_t:file { execute execute_no_trans };
|
|
|
@@ -66,6 +66,7 @@ allow gogs_t gogs_opt_t:file map;
|
|
|
allow gogs_t gogs_var_lib_t:file map;
|
|
|
|
|
|
miscfiles_read_localization(gogs_t)
|
|
|
+miscfiles_read_all_certs(gogs_t)
|
|
|
|
|
|
corenet_tcp_bind_generic_node(gogs_t)
|
|
|
corenet_tcp_bind_ntop_port(gogs_t)
|
|
|
@@ -109,5 +110,5 @@ optional_policy(`
|
|
|
gen_require(`
|
|
|
type ssh_keygen_exec_t;
|
|
|
')
|
|
|
- allow gogs_t ssh_keygen_exec_t:file { read getattr open execute execute_no_trans };
|
|
|
+ allow gogs_t ssh_keygen_exec_t:file { read getattr open execute execute_no_trans map };
|
|
|
')
|
