1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
###############################################################################
# SELinux module for the NGINX Web Server
#
# Project Contact Information:
# Stuart Cianos
# Email: scianos@alphavida.com
#
###############################################################################
# (C) Copyright 2009 by Stuart Cianos, d/b/a AlphaVida. All Rights Reserved.
#
#
# Stuart Cianos licenses this file to You under the GNU General Public License,
# Version 3.0 (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.gnu.org/licenses/gpl.txt
#
# or in the COPYING file included in the original archive.
#
# Disclaimer of Warranty.
#
# THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
# APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
# HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
# OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
# IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
# ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
#
# Limitation of Liability.
#
# IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
# WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
# THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
# GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
# USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
# DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
# PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
# EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGES.
###############################################################################
## <summary>policy for nginx</summary>
########################################
## <summary>
## Execute a domain transition to run nginx.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`nginx_domtrans',`
gen_require(`
type nginx_t, nginx_exec_t;
')
allow nginx_t $1:fd use;
allow nginx_t $1:fifo_file rw_fifo_file_perms;
allow nginx_t $1:process sigchld;
domain_auto_transition_pattern($1, nginx_exec_t, nginx_t)
')
########################################
## <summary>
## Administer the nginx domain
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the nginx domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`nginx_admin',`
gen_require(`
type nginx_t, nginx_conf_t, nginx_log_t, nginx_var_lib_t, nginx_runtime_t;
type nginx_exec_t;
')
allow $1 nginx_t:process { ptrace signal_perms };
ps_process_pattern($1, nginx_t)
files_list_etc($1)
admin_pattern($1, nginx_conf_t)
can_exec($1, nginx_exec_t)
files_list_var_lib($1)
admin_pattern($1, nginx_var_lib_t)
logging_list_logs($1)
admin_pattern($1, nginx_log_t)
files_list_runtime($1)
admin_pattern($1, nginx_runtime_t)
')
|
GitWeb