diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch index 5bd5b2e..8d22c21 100644 --- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch +++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch @@ -1,12 +1,31 @@ -diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te -index fcf795f..529057c 100644 +From ed2b0a00e2fb78056041b03c7e198e8f5adaf939 Mon Sep 17 00:00:00 2001 +From: Xin Ouyang <Xin.Ouyang@windriver.com> +Date: Thu, 22 Aug 2013 19:36:44 +0800 +Subject: [PATCH 3/6] add rules for the symlink of /var/log - apache2 + +We have added rules for the symlink of /var/log in logging.if, +while apache.te uses /var/log but does not use the interfaces in +logging.if. So still need add a individual rule for apache.te. + +Upstream-Status: Inappropriate [only for Poky] + +Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> +Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> +--- + policy/modules/contrib/apache.te | 1 + + 1 file changed, 1 insertion(+) + --- a/policy/modules/contrib/apache.te +++ b/policy/modules/contrib/apache.te -@@ -412,6 +412,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t) +@@ -409,10 +409,11 @@ allow httpd_t httpd_log_t:dir setattr_di + create_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t) + create_files_pattern(httpd_t, httpd_log_t, httpd_log_t) + append_files_pattern(httpd_t, httpd_log_t, httpd_log_t) read_files_pattern(httpd_t, httpd_log_t, httpd_log_t) - setattr_files_pattern(httpd_t, httpd_log_t, httpd_log_t) read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t) +read_lnk_files_pattern(httpd_t, var_log_t, var_log_t) logging_log_filetrans(httpd_t, httpd_log_t, file) allow httpd_t httpd_modules_t:dir list_dir_perms; + mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t) + read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t) |