diff options
Diffstat (limited to 'policy/modules/contrib/webadm.te')
-rw-r--r-- | policy/modules/contrib/webadm.te | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/policy/modules/contrib/webadm.te b/policy/modules/contrib/webadm.te deleted file mode 100644 index 708254fc6..000000000 --- a/policy/modules/contrib/webadm.te +++ /dev/null @@ -1,57 +0,0 @@ -policy_module(webadm, 1.1.1) - -######################################## -# -# Declarations -# - -## <desc> -## <p> -## Determine whether webadm can -## manage generic user files. -## </p> -## </desc> -gen_tunable(webadm_manage_user_files, false) - -## <desc> -## <p> -## Determine whether webadm can -## read generic user files. -## </p> -## </desc> -gen_tunable(webadm_read_user_files, false) - -role webadm_r; - -userdom_base_user_template(webadm) - -######################################## -# -# Local policy -# - -allow webadm_t self:capability { dac_override dac_read_search kill sys_nice }; - -files_dontaudit_search_all_dirs(webadm_t) -files_list_var(webadm_t) - -selinux_get_enforce_mode(webadm_t) -seutil_domtrans_setfiles(webadm_t) - -logging_send_audit_msgs(webadm_t) -logging_send_syslog_msg(webadm_t) - -userdom_dontaudit_search_user_home_dirs(webadm_t) - -apache_admin(webadm_t, webadm_r) - -tunable_policy(`webadm_manage_user_files',` - userdom_manage_user_home_content_files(webadm_t) - userdom_read_user_tmp_files(webadm_t) - userdom_write_user_tmp_files(webadm_t) -') - -tunable_policy(`webadm_read_user_files',` - userdom_read_user_home_content_files(webadm_t) - userdom_read_user_tmp_files(webadm_t) -') |