Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 323652 Details for
Bug 434888
selinux-phpfpm-2.20120725-r5: use stream sockets
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Proposed patch to implement the enhancement
phpfpm.patch (text/plain), 1.68 KB, created by
Vincent Brillault
on 2012-09-13 11:55:05 UTC
(
hide
)
Description:
Proposed patch to implement the enhancement
Filename:
MIME Type:
Creator:
Vincent Brillault
Created:
2012-09-13 11:55:05 UTC
Size:
1.68 KB
patch
obsolete
>--- a/phpfpm.fc >+++ b/phpfpm.fc >@@ -2,4 +2,5 @@ > > /var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0) > /var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) >+/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) > >--- a/phpfpm.if >+++ b/phpfpm.if >@@ -0,0 +1,18 @@ >+ >+######################################## >+## <summary> >+## Connect to phpfpm using a unix domain stream socket. >+## </summary> >+## <param name="domain"> >+## <summary> >+## Domain allowed access. >+## </summary> >+## </param> >+## <rolecap/> >+# >+interface(`phpfpm_stream_connect',` >+ gen_require(` >+ type phpfpm_t, phpfpm_var_run_t; >+ ') >+ stream_connect_pattern($1, phpfpm_var_run_t, phpfpm_var_run_t, phpfpm_t) >+') >--- a/phpfpm.te >+++ b/phpfpm.te >@@ -29,6 +32,7 @@ > allow phpfpm_t self:tcp_socket rw_stream_socket_perms; > allow phpfpm_t self:udp_socket connected_socket_perms; > allow phpfpm_t self:unix_stream_socket accept; >+allow phpfpm_t self:unix_stream_socket create_stream_socket_perms; > > manage_files_pattern(phpfpm_t, phpfpm_log_t, phpfpm_log_t) > logging_log_filetrans(phpfpm_t, phpfpm_log_t, file) >@@ -38,7 +42,8 @@ > files_tmp_filetrans(phpfpm_t, phpfpm_tmp_t, {file dir}) > > manage_files_pattern(phpfpm_t, phpfpm_var_run_t, phpfpm_var_run_t) >-files_pid_filetrans(phpfpm_t, phpfpm_var_run_t, file) >+files_pid_filetrans(phpfpm_t, phpfpm_var_run_t, { file sock_file }) >+manage_sock_files_pattern(phpfpm_t, phpfpm_var_run_t, phpfpm_var_run_t) > > kernel_read_kernel_sysctls(phpfpm_t) > >@@ -78,6 +83,7 @@ > > optional_policy(` > postgresql_tcp_connect(phpfpm_t) >+ postgresql_stream_connect(phpfpm_t) > ') > > optional_policy(`
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=323652">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 434888
:
323652
|
323690
