PERFORCE change 38659 for review

Andrew Reisse areisse at FreeBSD.org
Fri Sep 26 17:12:19 GMT 2003 

http://perforce.freebsd.org/chv.cgi?CH=38659

Change 38659 by areisse at areisse_tislabs on 2003/09/26 10:11:56

	apache policy modified for FreeBSD

Affected files ...

.. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/unused/apache.te#2 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/apache.fc#2 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/unused/apache.te#2 (text+ko) ====

@@ -336,7 +336,7 @@
 ################################################################
 # Allow the web server to run scripts and serve pages
 ##############################################################
-allow httpd_t httpd_sys_content_t:file r_file_perms;
+allow httpd_t httpd_sys_content_t:{lnk_file file} r_file_perms;
 allow httpd_t httpd_sys_content_t:dir r_dir_perms;
 
 allow httpd_t httpd_sys_htaccess_t: file r_file_perms;

==== //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/apache.fc#2 (text+ko) ====

@@ -1,26 +1,16 @@
 # apache
-/var/www/html(/.*)?		system_u:object_r:httpd_sys_content_t
-/var/www/mrtg(/.*)?		system_u:object_r:httpd_sys_content_t
-/var/www/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_t
-/usr/lib/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_t
-/var/www/perl(/.*)?		system_u:object_r:httpd_sys_script_t
-/var/www/icons(/.*)?		system_u:object_r:httpd_sys_content_t
-/var/cache/httpd(/.*)?		system_u:object_r:httpd_cache_t
-/etc/httpd			system_u:object_r:httpd_config_t
-/etc/httpd/conf(/.*)?		system_u:object_r:httpd_config_t
-/etc/httpd/logs			system_u:object_r:httpd_log_files_t
-/etc/httpd/modules		system_u:object_r:httpd_modules_t
-/etc/apache(2)?(/.*)?		system_u:object_r:httpd_config_t
-/etc/vhosts			system_u:object_r:httpd_config_t
-/usr/lib/apache(/.*)?		system_u:object_r:httpd_modules_t
-/usr/lib/apache2/modules(/.*)?	system_u:object_r:httpd_modules_t
-/usr/sbin/httpd			system_u:object_r:httpd_exec_t
-/usr/sbin/apache(2)?		system_u:object_r:httpd_exec_t
-/usr/sbin/suexec		system_u:object_r:httpd_suexec_exec_t
-/usr/lib/cgi-bin/(nph-)?cgiwrap(d)? system_u:object_r:httpd_suexec_exec_t
-/usr/lib/apache(2)?/suexec(2)?	system_u:object_r:httpd_suexec_exec_t
+/usr/local/www/data(/.*)?	system_u:object_r:httpd_sys_content_t
+/usr/local/www/cgi-bin(/.*)?	system_u:object_r:httpd_sys_script_t
+/usr/local/www/icons(/.*)?	system_u:object_r:httpd_sys_content_t
+#/var/cache/httpd(/.*)?		system_u:object_r:httpd_cache_t
+/usr/local/etc/apache		system_u:object_r:httpd_config_t
+/usr/local/libexec/apache(/.*)?	system_u:object_r:httpd_modules_t
+/usr/local/sbin/httpd		system_u:object_r:httpd_exec_t
+#/usr/sbin/suexec		system_u:object_r:httpd_suexec_exec_t
+#/usr/lib/cgi-bin/(nph-)?cgiwrap(d)? system_u:object_r:httpd_suexec_exec_t
+#/usr/lib/apache(2)?/suexec(2)?	system_u:object_r:httpd_suexec_exec_t
 /var/log/httpd(/.*)?		system_u:object_r:httpd_log_files_t
-/var/log/apache(2)?(/.*)?	system_u:object_r:httpd_log_files_t
-/var/log/cgiwrap\.log.*		system_u:object_r:httpd_log_files_t
-/var/cache/ssl.*\.sem		system_u:object_r:httpd_cache_t
+#/var/log/apache(2)?(/.*)?	system_u:object_r:httpd_log_files_t
+#/var/log/cgiwrap\.log.*	system_u:object_r:httpd_log_files_t
+#/var/cache/ssl.*\.sem		system_u:object_r:httpd_cache_t
 /var/run/apache(2)?.pid.*	system_u:object_r:httpd_var_run_t
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list