269
269
allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
271
manage_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
272
manage_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
273
manage_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
274
relabel_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
275
relabel_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
276
relabel_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
278
manage_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
279
manage_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
280
manage_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
281
relabel_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
282
relabel_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
283
relabel_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
285
manage_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
286
manage_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
287
manage_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
288
relabel_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
289
relabel_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
290
relabel_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
292
manage_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
293
manage_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
294
manage_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
295
relabel_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
296
relabel_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
297
relabel_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
271
manage_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
272
manage_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
273
manage_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
274
relabel_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
275
relabel_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
276
relabel_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
278
manage_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
279
manage_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
280
manage_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
281
relabel_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
282
relabel_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
283
relabel_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
285
manage_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
286
manage_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
287
manage_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
288
relabel_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
289
relabel_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
290
relabel_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
292
manage_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
293
manage_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
294
manage_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
295
relabel_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
296
relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
297
relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
299
299
tunable_policy(`httpd_enable_cgi',`
300
300
# If a user starts a script by hand it gets the proper context
1041
1041
allow httpd_t $1:process signal;
1044
########################################
1046
## All of the rules required to administrate an apache environment
1048
## <param name="prefix">
1050
## Prefix of the domain. Example, user would be
1051
## the prefix for the uder_t domain.
1054
## <param name="domain">
1056
## Domain allowed access.
1059
## <param name="role">
1061
## Role allowed access.
1066
interface(`apache_admin',`
1068
attribute httpdcontent;
1069
attribute httpd_script_exec_type;
1071
type httpd_t, httpd_config_t, httpd_log_t;
1072
type httpd_modules_t, httpd_lock_t;
1073
type httpd_var_run_t, httpd_php_tmp_t;
1074
type httpd_suexec_tmp_t, httpd_tmp_t;
1077
allow $1 httpd_t:process { getattr ptrace signal_perms };
1078
ps_process_pattern($1, httpd_t)
1080
apache_manage_all_content($1)
1081
miscfiles_manage_public_files($1)
1083
files_search_etc($1)
1084
admin_pattern($1, httpd_config_t)
1086
logging_search_logs($1)
1087
admin_pattern($1, httpd_log_t)
1089
admin_pattern($1, httpd_modules_t)
1091
admin_pattern($1, httpd_lock_t)
1092
files_lock_filetrans($1, httpd_lock_t, file)
1094
admin_pattern($1, httpd_var_run_t)
1095
files_pid_filetrans($1, httpd_var_run_t, file)
1097
kernel_search_proc($1)
1098
allow $1 httpd_t:dir list_dir_perms;
1100
read_lnk_files_pattern($1, httpd_t, httpd_t)
1102
admin_pattern($1, httpdcontent)
1103
admin_pattern($1, httpd_script_exec_type)
1104
admin_pattern($1, httpd_tmp_t)
1105
admin_pattern($1, httpd_php_tmp_t)
1106
admin_pattern($1, httpd_suexec_tmp_t)