gallery2 policy


 



I am using the gallery2 tar ball from http://codex.gallery2.org/Downloads ; it stays more up to date. They have a policy for SELinux, but the log still had AVCs in it and denials that prevented gallery2 and specifically the watermark plugin from working. File and directory permissions were an issue. One of the directories is shared by Samba so it has the context of public_content_rw_t.

I used audit2allow to get things working, but I would like someone more knowledgeable than me to take a look and see if I have opened any gaping holes and if so, how to best address the issue.


   policy_module(gallery, 1.0)

   require {
           type unlabeled_t;
           type httpd_t;
           type httpd_tmp_t;
           type httpd_sys_script_t;
           type public_content_rw_t;
           class file { read write unlink };
           class dir { write remove_name add_name };
   }

   #============= httpd_sys_script_t ==============
   allow httpd_sys_script_t unlabeled_t:file { read write };
   allow httpd_sys_script_t httpd_tmp_t:file { getattr read };

   #============= httpd_t ==============
   allow httpd_t public_content_rw_t:dir { write remove_name add_name };
   allow httpd_t public_content_rw_t:file unlink;


Thanks,
John Griffiths

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
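
Added example, not part of the original post: a small triage script that parses the four allow rules from the module above and flags, per rule, whether the target is unlabeled_t and which granted permissions modify data. The flag names and the MUTATING set are choices made for this example, not output of any SELinux tool.

```python
import re

# The four allow rules from the module in the post, embedded so this runs offline.
POLICY = """
allow httpd_sys_script_t unlabeled_t:file { read write };
allow httpd_sys_script_t httpd_tmp_t:file { getattr read };
allow httpd_t public_content_rw_t:dir { write remove_name add_name };
allow httpd_t public_content_rw_t:file unlink;
"""

# Standard file/dir permissions that change data or directory contents
# (the selection is this example's own).
MUTATING = {"write", "append", "create", "unlink", "rename", "setattr",
            "link", "add_name", "remove_name", "rmdir"}

# allow <source> <target>:<class> <perm | { perm ... }>;
RULE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)


def triage(policy_src):
    """Parse allow rules and return (source, 'target:class', flags) per rule."""
    src = re.sub(r"#.*", "", policy_src)  # strip comments and banner lines
    findings = []
    for source, target, cls, perm_text in RULE.findall(src):
        perms = set(re.findall(r"\w+", perm_text))
        flags = []
        if target == "unlabeled_t":
            # unlabeled_t marks objects without a valid label; relabeling the
            # files is the usual remedy rather than granting access to the type.
            flags.append("unlabeled-target")
        changed = sorted(perms & MUTATING)
        if changed:
            flags.append("modifies:" + ",".join(changed))
        findings.append((source, f"{target}:{cls}", flags))
    return findings


if __name__ == "__main__":
    for source, obj, flags in triage(POLICY):
        print(f"{source:20} {obj:28} {' '.join(flags) or 'read-only'}")
```

Rules flagged unlabeled-target are the ones to resolve by fixing file labels first; rules flagged modifies show where the web server domain can change content in the directory shared with Samba.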
