# Local SELinux policy module "nginx", version 1.0.
# Every rule below widens what the httpd_t domain may do. The "already
# allowed" remarks come from the generator annotations that accompanied the
# rules (audit2allow-style output), so the module was presumably built from
# logged AVC denials -- confirm each rule is still needed before loading it.
module nginx 1.0;

# Object classes/permissions and types this module expects the loaded
# base policy to provide.
require {
    class dir { getattr search };
    class file { read setattr write };
    class sock_file write;
    class tcp_socket name_connect;
    class unix_stream_socket connectto;

    type http_cache_port_t;
    type httpd_log_t;
    type httpd_sys_content_t;
    type httpd_t;
    type initrc_t;
    type user_home_dir_t;
    type user_home_t;
    type var_run_t;
}

#============= httpd_t ==============

# --- Outbound TCP ---------------------------------------------------------
# Lets httpd_t open TCP connections to ports labelled http_cache_port_t.
# Generator note: this access is already allowed in the current policy, so
# the rule is redundant on the system it was generated on.
# Which port numbers carry that label is system-specific; check with
# `semanage port -l`.
allow httpd_t http_cache_port_t:tcp_socket name_connect;

# --- Log files ------------------------------------------------------------
# Lets httpd_t change attributes of files labelled httpd_log_t.
allow httpd_t httpd_log_t:file setattr;

# --- Home directory traversal ---------------------------------------------
# Generator note for both rules: already allowed in the current policy.
# NOTE(review): together with the sock_file rule on user_home_t below, this
# suggests the backend socket lives under a user's home directory -- confirm.
allow httpd_t user_home_dir_t:dir search;
allow httpd_t user_home_t:dir { getattr search };

# --- Unix-socket backends -------------------------------------------------
# Write access to socket files labelled as web content or as generic home
# content. These are type-wide grants: they cover every socket file carrying
# the label, not one path.
# NOTE(review): a narrower setup keeps the socket outside the home tree and
# gives it a dedicated label (`semanage fcontext` + `restorecon`), so the
# user_home_t grant can be dropped.
allow httpd_t httpd_sys_content_t:sock_file write;
allow httpd_t user_home_t:sock_file write;

# Lets httpd_t connect to Unix stream sockets whose owning process runs in
# initrc_t. initrc_t is the init-script domain in the reference policy; a
# peer running there has usually not been given a domain of its own.
# NOTE(review): this permits connecting to any service in initrc_t, not only
# the intended backend. Prefer running the backend in its own domain and
# allowing connectto on that type instead.
allow httpd_t initrc_t:unix_stream_socket connectto;

# --- Runtime files --------------------------------------------------------
# Read/write on files carrying the generic var_run_t label.
# NOTE(review): var_run_t is the catch-all label for /var/run content, so
# this reaches every file left with that label. Labelling the one file the
# server needs with a dedicated type would avoid the broad grant.
allow httpd_t var_run_t:file { read write };