aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch27
1 files changed, 23 insertions, 4 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
index 5bd5b2e..8d22c21 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
@@ -1,12 +1,31 @@
-diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
-index fcf795f..529057c 100644
+From ed2b0a00e2fb78056041b03c7e198e8f5adaf939 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 19:36:44 +0800
+Subject: [PATCH 3/6] add rules for the symlink of /var/log - apache2
+
+We have added rules for the symlink of /var/log in logging.if,
+while apache.te uses /var/log but does not use the interfaces in
+logging.if. So still need add a individual rule for apache.te.
+
+Upstream-Status: Inappropriate [only for Poky]
+
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+---
+ policy/modules/contrib/apache.te | 1 +
+ 1 file changed, 1 insertion(+)
+
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
-@@ -412,6 +412,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+@@ -409,10 +409,11 @@ allow httpd_t httpd_log_t:dir setattr_di
+ create_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
- setattr_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
logging_log_filetrans(httpd_t, httpd_log_t, file)
allow httpd_t httpd_modules_t:dir list_dir_perms;
+ mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+ read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-23 14:56:25 +0000