|
@@ -0,0 +1,39 @@
|
|
|
+ ## <summary>PHP-fpm policy interfaces.</summary>
|
|
|
+
|
|
|
+########################################
|
|
|
+## <summary>
|
|
|
+## Do not audit attempts to read and
|
|
|
+## write phpfpm unix domain stream sockets.
|
|
|
+## </summary>
|
|
|
+## <param name="domain">
|
|
|
+## <summary>
|
|
|
+## Domain to not audit.
|
|
|
+## </summary>
|
|
|
+## </param>
|
|
|
+#
|
|
|
+interface(`phpfpm_dontaudit_rw_stream_sockets',`
|
|
|
+ gen_require(`
|
|
|
+ type phpfpm_t;
|
|
|
+ ')
|
|
|
+
|
|
|
+ dontaudit $1 phpfpm_t:unix_stream_socket { read write };
|
|
|
+')
|
|
|
+
|
|
|
+########################################
|
|
|
+## <summary>
|
|
|
+## Do not audit attempts to read and
|
|
|
+## write phpfpm TCP sockets.
|
|
|
+## </summary>
|
|
|
+## <param name="domain">
|
|
|
+## <summary>
|
|
|
+## Domain to not audit.
|
|
|
+## </summary>
|
|
|
+## </param>
|
|
|
+#
|
|
|
+interface(`phpfpm_dontaudit_rw_tcp_sockets',`
|
|
|
+ gen_require(`
|
|
|
+ type phpfpm_t;
|
|
|
+ ')
|
|
|
+
|
|
|
+ dontaudit $1 phpfpm_t:tcp_socket { read write };
|
|
|
+')
|