Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/uwsgi.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/uwsgi.te')
-rw-r--r--policy/modules/contrib/uwsgi.te91
1 files changed, 91 insertions, 0 deletions
diff --git a/policy/modules/contrib/uwsgi.te b/policy/modules/contrib/uwsgi.te
new file mode 100644
index 00000000..83328c34
--- /dev/null
+++ b/policy/modules/contrib/uwsgi.te
@@ -0,0 +1,91 @@
+policy_module(uwsgi, 1.0)
+
+########################################
+#
+# Declarations
+#
+
+type uwsgi_t;
+type uwsgi_exec_t;
+init_daemon_domain(uwsgi_t, uwsgi_exec_t)
+
+type uwsgi_conf_t;
+files_config_file(uwsgi_conf_t)
+
+type uwsgi_run_t;
+init_daemon_runtime_file(uwsgi_run_t, dir, "uwsgi")
+
+type uwsgi_var_log_t;
+logging_log_file(uwsgi_var_log_t)
+
+type uwsgi_tmp_t;
+files_tmp_file(uwsgi_tmp_t)
+
+type uwsgi_content_t;
+files_type(uwsgi_content_t)
+
+type uwsgi_content_exec_t;
+domain_entry_file(uwsgi_t, uwsgi_content_exec_t)
+
+########################################
+#
+# uwsgi local policy
+#
+
+allow uwsgi_t self:fifo_file rw_fifo_file_perms;
+allow uwsgi_t self:process { signal sigchld };
+
+can_exec(uwsgi_t, uwsgi_exec_t)
+can_exec(uwsgi_t, uwsgi_tmp_t)
+can_exec(uwsgi_t, uwsgi_content_exec_t)
+
+list_dirs_pattern(uwsgi_t, uwsgi_conf_t, uwsgi_conf_t)
+read_files_pattern(uwsgi_t, uwsgi_conf_t, uwsgi_conf_t)
+
+list_dirs_pattern(uwsgi_t, uwsgi_content_t, uwsgi_content_t)
+read_files_pattern(uwsgi_t, uwsgi_content_t, uwsgi_content_t)
+read_lnk_files_pattern(uwsgi_t, uwsgi_content_t, uwsgi_content_t)
+
+list_dirs_pattern(uwsgi_t, uwsgi_content_exec_t, uwsgi_content_exec_t)
+read_files_pattern(uwsgi_t, uwsgi_content_exec_t, uwsgi_content_exec_t)
+read_lnk_files_pattern(uwsgi_t, uwsgi_content_exec_t, uwsgi_content_exec_t)
+
+read_files_pattern(uwsgi_t, uwsgi_var_log_t, uwsgi_var_log_t)
+append_files_pattern(uwsgi_t, uwsgi_var_log_t, uwsgi_var_log_t)
+logging_log_filetrans(uwsgi_t, uwsgi_var_log_t, { file dir })
+logging_search_logs(uwsgi_t)
+
+manage_dirs_pattern(uwsgi_t, uwsgi_run_t, uwsgi_run_t)
+manage_files_pattern(uwsgi_t, uwsgi_run_t, uwsgi_run_t)
+manage_sock_files_pattern(uwsgi_t, uwsgi_run_t, uwsgi_run_t)
+
+manage_dirs_pattern(uwsgi_t, uwsgi_tmp_t, uwsgi_tmp_t)
+manage_files_pattern(uwsgi_t, uwsgi_tmp_t, uwsgi_tmp_t)
+files_tmp_filetrans(uwsgi_t, uwsgi_tmp_t, { file dir })
+
+files_read_usr_files(uwsgi_t)
+
+auth_use_nsswitch(uwsgi_t)
+
+corecmd_exec_bin(uwsgi_t)
+corecmd_exec_shell(uwsgi_t)
+
+kernel_read_system_state(uwsgi_t)
+kernel_read_net_sysctls(uwsgi_t)
+
+libs_exec_ldconfig(uwsgi_t)
+
+miscfiles_read_localization(uwsgi_t)
+
+optional_policy(`
+ apache_read_all_content(uwsgi_t)
+ apache_manage_all_rw_content(uwsgi_t)
+')
+
+optional_policy(`
+ cron_system_entry(uwsgi_t, uwsgi_content_exec_t)
+')
+
+optional_policy(`
+ mysql_stream_connect(uwsgi_t)
+')