Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 29890 Details for
Bug 48772
mysql policy files
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
type enforcement
mysqld.te (text/plain), 2.12 KB, created by
petre rodan (RETIRED)
on 2004-04-23 03:05:48 UTC
(
hide
)
Description:
type enforcement
Filename:
MIME Type:
Creator:
petre rodan (RETIRED)
Created:
2004-04-23 03:05:48 UTC
Size:
2.12 KB
patch
obsolete
>#DESC Mysqld - Database server ># ># Author: Russell Coker <russell@coker.com.au> ># X-Debian-Packages: mysql-server ># > >################################# ># ># Rules for the mysqld_t domain. ># ># mysqld_exec_t is the type of the mysqld executable. ># >daemon_domain(mysqld) > >allow mysqld_t mysqld_var_run_t:sock_file create_file_perms; > ># ??? >#etcdir_domain(mysqld) > >type mysqld_etc_t, file_type, sysadmfile; >type mysqld_db_t, file_type, sysadmfile; > >log_domain(mysqld) > >allow mysqld_t tmp_t:dir { getattr read }; > >allow mysqld_t usr_t:file { getattr read }; > >allow mysqld_t self:fifo_file { read write }; >allow mysqld_t self:unix_stream_socket create_stream_socket_perms; >allow initrc_t mysqld_t:unix_stream_socket { connectto }; >allow initrc_t mysqld_var_run_t:sock_file write; > >allow initrc_t mysqld_log_t:file { write append setattr ioctl }; > >allow mysqld_t self:capability { setgid setuid dac_override }; >allow mysqld_t self:process getsched; > >allow mysqld_t proc_t:file { getattr read }; > ># Allow access to the mysqld databases >create_dir_file(mysqld_t, mysqld_db_t) >allow mysqld_t var_lib_t:dir search; > >can_network(mysqld_t) > ># read config files >r_dir_file(initrc_t, mysqld_etc_t) >allow mysqld_t { etc_t etc_runtime_t }:{ file lnk_file } { read getattr }; > >allow mysqld_t mysqld_etc_t:dir { search }; >allow mysqld_t mysqld_etc_t:file r_file_perms; > >allow mysqld_t etc_t:dir search; > >allow mysqld_t sysctl_kernel_t:dir search; >allow mysqld_t sysctl_kernel_t:file read; > >allow mysqld_t tmp_t:dir create_dir_perms; >allow mysqld_t tmp_t:file create_file_perms; > >can_unix_connect(sysadm_t, mysqld_t) > ># for /root/.my.cnf - should not be needed >allow mysqld_t sysadm_home_dir_t:dir search; >allow mysqld_t sysadm_home_t:file { read getattr }; > >ifdef(`logrotate.te', ` >r_dir_file(logrotate_t, mysqld_etc_t) >allow logrotate_t mysqld_db_t:dir search; >allow logrotate_t mysqld_var_run_t:dir search; >allow logrotate_t mysqld_var_run_t:sock_file write; >can_unix_connect(logrotate_t, mysqld_t) >') > ># if controled by daemontools >ifdef(`daemontools.te', ` >domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t); >allow svc_start_t mysqld_t:process { signal }; >svc_ipc_domain(mysqld_t) >') >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 48772
:
29889
| 29890