diff options
Diffstat (limited to 'policy/modules/contrib/apache.fc')
-rw-r--r-- | policy/modules/contrib/apache.fc | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc new file mode 100644 index 000000000..9e39aa5be --- /dev/null +++ b/policy/modules/contrib/apache.fc @@ -0,0 +1,111 @@ +HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) + +/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/etc/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/etc/httpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/httpd/conf/keytab -- gen_context(system_u:object_r:httpd_keytab_t,s0) +/etc/httpd/logs gen_context(system_u:object_r:httpd_log_t,s0) +/etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0) +/etc/lighttpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/mock/koji(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) + +/etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0) +/etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) + +/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/srv/gallery2(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + +/usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0) +/usr/bin/mongrel_rails -- gen_context(system_u:object_r:httpd_exec_t,s0) + +/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/lib/dirsrv/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) +/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) +/usr/lib(64)?/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib(64)?/lighttpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) + +/usr/sbin/apache(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/apache-ssl(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0) +/usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) + +ifdef(`distro_suse', ` +/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0) +') + +/usr/share/dirsrv(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/icecast(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/mythweb(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/mythweb/mythweb\.pl gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/share/mythtv/data(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/wordpress-mu/wp-config\.php -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/share/wordpress-mu/wp-content(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/usr/share/wordpress/wp-content/uploads(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) + +/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/lighttpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mason(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mediawiki(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mod_.* gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mod_gnutls(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mod_proxy(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mod_ssl(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/php-.* gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/php-mmcache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/rt3(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0) + +/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) +/var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) +/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0) + +/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cgiwrap\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/lighttpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/piranha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) + +ifdef(`distro_debian', ` +/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +') + +/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0) + +/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0) +/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t, s0) + +/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/www(/.*)?/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/www/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) |