
Bug 434888

Summary: selinux-phpfpm-2.20120725-r5: use stream sockets
Product: Gentoo Linux
Reporter: Vincent Brillault <gentoo>
Component: SELinux
Assignee: Matthew Thode ( prometheanfire ) <prometheanfire>
Status: VERIFIED FIXED
Severity: enhancement
CC: selinux
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: sec-policy r6
Package list:
Runtime testing required: ---
Attachments:
  Proposed patch to implement the enhancement
  phpfpm patch for hardened-refpolicy

Description Vincent Brillault 2012-09-13 11:55:05 UTC
Created attachment 323652 [details]
Proposed patch to implement the enhancement

The current phpfpm policy doesn't allow the use of stream sockets.
Here is a patch that at least partially allows it.

Optional policies should also be added to the different servers, e.g. for nginx:
'''
optional_policy(`
	phpfpm_stream_connect(nginx_t)
')
'''
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2012-09-13 16:41:20 UTC
Created attachment 323690 [details]
phpfpm patch for hardened-refpolicy
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-10-04 17:52:41 UTC
Matthew, if you don't mind me changing the state of your bug(s) ;-) The patch is pulled in from refpolicy so will be part of -r6 (and is already in the live ebuilds).
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2012-10-04 19:23:00 UTC
I don't know if this should go in r6 given its state upstream (dunno what's happening with it with grift doing what he wants with it...)
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-11-03 17:39:45 UTC
In hardened-dev, r6 release
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-11-18 15:28:35 UTC
In main tree, ~arch'ed
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2012-12-13 10:15:15 UTC
r8 is now stable