- policy_module(owncloud, 0.0.7)
- require {
- type httpd_sys_content_t;
- type etc_t;
- }
- ########################################
- #
- # Declarations
- #
- attribute_role owncloud_roles;
- type owncloud_t;
- type owncloud_exec_t;
- init_system_domain(owncloud_t, owncloud_exec_t)
- allow owncloud_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
- allow owncloud_t self:tcp_socket { connect create getattr getopt read setopt shutdown write };
- allow owncloud_t self:udp_socket { connect create getattr read write setopt };
- allow owncloud_t self:unix_stream_socket { connect create read write };
- allow owncloud_t self:fifo_file { getattr ioctl read };
- corecmd_exec_bin(owncloud_t)
- corecmd_exec_shell(owncloud_t)
- files_read_etc_files(owncloud_t)
- files_manage_generic_tmp_dirs(owncloud_t)
- files_search_pids(owncloud_t)
- files_search_var(owncloud_t)
- corenet_tcp_connect_http_port(owncloud_t)
- corenet_tcp_connect_ldap_port(owncloud_t)
- apache_manage_sys_content(owncloud_t)
- allow owncloud_t httpd_sys_content_t:file map;
- miscfiles_read_localization(owncloud_t)
- miscfiles_read_all_certs(owncloud_t)
- mysql_stream_connect(owncloud_t)
- sysnet_read_config(owncloud_t)
- allow owncloud_t etc_t:file map;
- files_manage_generic_tmp_files(owncloud_t)
- kernel_read_system_state(owncloud_t)
- kernel_read_kernel_sysctls(owncloud_t)
- optional_policy(`
- cron_system_entry(owncloud_t, owncloud_exec_t)
- ')