This is a new module not present upstream, contains nothing that looks controversial. I've added one Debian path, perhaps it should be in a conditional block...(/usr/lib/cgi-bin/check) Originally submitted Jul 19, no comments so far Index: refpolicy/policy/modules/services/w3c.fc =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ refpolicy/policy/modules/services/w3c.fc 2008-08-03 17:13:33.000000000 +0200 @@ -0,0 +1,3 @@ +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0) +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) +/usr/lib/cgi-bin/check gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) Index: refpolicy/policy/modules/services/w3c.if =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ refpolicy/policy/modules/services/w3c.if 2008-08-03 17:13:33.000000000 +0200 @@ -0,0 +1,20 @@ +## <summary>W3C</summary> + +######################################## +## <summary> +## Execute w3c server in the w3c domain. +## </summary> +## <param name="domain"> +## <summary> +## The type of the process performing this action. +## </summary> +## </param> +# +# +interface(`w3c_script_domtrans',` + gen_require(` + type w3c_script_exec_t; + ') + + init_script_domtrans_spec($1,w3c_script_exec_t) +') Index: refpolicy/policy/modules/services/w3c.te =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ refpolicy/policy/modules/services/w3c.te 2008-08-03 17:13:33.000000000 +0200 @@ -0,0 +1,14 @@ +policy_module(w3c,1.2.1) + +apache_content_template(w3c_validator) + +sysnet_dns_name_resolve(httpd_w3c_validator_script_t) + +corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t) +corenet_tcp_connect_http_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t) +corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t) + +miscfiles_read_certs(httpd_w3c_validator_script_t) -- David Härdeman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
