Gentoo's Bugzilla – Attachment 23138 Details for Bug 37183: net-www/squid policy files
type enforcement
squid.te (text/plain), 2.36 KB, created by petre rodan (RETIRED) on 2004-01-04 05:01:55 UTC
>#DESC Squid - Web cache
>#
># Author: Russell Coker <russell@coker.com.au>
># X-Debian-Packages: squid
>#
>
>#################################
>#
># Rules for the squid_t domain.
>#
># squid_t is the domain the squid process runs in
>ifdef(`apache.te',`
>can_tcp_connect(squid_t, httpd_t)
>', `
>type http_cache_port_t, port_type;
>')
>
>daemon_domain(squid, `, web_client_domain')
>type squid_conf_t, file_type, sysadmfile;
>
>allow { squid_t initrc_t } squid_conf_t:file r_file_perms;
>allow squid_t squid_conf_t:dir r_dir_perms;
>
># var_log_squid_t is for /var/log/squid
>type var_log_squid_t, file_type, sysadmfile, logfile;
>
># type for /var/cache/squid
>type squid_cache_t, file_type, sysadmfile;
>
>allow squid_t squid_t:capability { setgid setuid };
>allow squid_t { etc_t etc_runtime_t }:file r_file_perms;
>allow squid_t etc_t:lnk_file read;
>allow squid_t self:unix_stream_socket create_socket_perms;
>allow squid_t self:unix_dgram_socket create_socket_perms;
>allow squid_t self:fifo_file rw_file_perms;
>
>allow squid_t { sysctl_t sysctl_kernel_t }:dir search;
>allow squid_t { sysctl_kernel_t }:file read;
>
>allow squid_t resolv_conf_t:file r_file_perms;
>
>allow squid_t devtty_t:chr_file rw_file_perms;
>
>allow squid_t { self proc_t }:file { read getattr };
>
># for when we use /var/spool/cache
>allow squid_t var_spool_t:dir search;
>
># Grant permissions to create, access, and delete cache and log files.
># No type transitions required, as the files inherit the parent directory type.
>allow squid_t squid_cache_t:dir create_dir_perms;
>allow squid_t squid_cache_t:{ file lnk_file } create_file_perms;
>allow squid_t var_log_t:dir r_dir_perms;
>allow squid_t var_log_squid_t:dir create_dir_perms;
>allow squid_t var_log_squid_t:file create_file_perms;
>ifdef(`logrotate.te',
>`domain_auto_trans(logrotate_t, squid_exec_t, squid_t)')
>ifdef(`crond.te', `domain_auto_trans(system_crond_t, squid_exec_t, squid_t)')
>
># Use the network
>can_network(squid_t)
>can_tcp_connect(web_client_domain, squid_t)
>
># tcp port 8080 and udp port 3130 is http_cache_port_t (see net_contexts)
>allow squid_t http_cache_port_t:tcp_socket name_bind;
>allow squid_t http_cache_port_t:udp_socket name_bind;
>
># to allow running programs from /usr/lib/squid (IE unlinkd)
># also allow exec()ing itself
>can_exec(squid_t, { lib_t squid_exec_t } )
>allow squid_t { bin_t sbin_t }:dir search;
>
>dontaudit squid_t home_root_t:dir getattr;
>dontaudit squid_t security_t:dir { getattr };