| Summary: | selinux-phpfpm-2.20120725-r5: use stream sockets | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
| Component: | SELinux | Assignee: | Matthew Thode (prometheanfire) <prometheanfire> |
| Status: | VERIFIED FIXED | | |
| Severity: | enhancement | CC: | selinux |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | sec-policy r6 | | |
| Package list: | | Runtime testing required: | --- |
Attachments:
Proposed patch to implement the enhancement
phpfpm patch for hardened-refpolicy
Created attachment 323690
phpfpm patch for hardened-refpolicy
Matthew, if you don't mind me changing the state of your bug(s) ;-) The patch is pulled in from refpolicy so will be part of -r6 (and is already in the live ebuilds).

I don't know if this should go in r6 given its state upstream (dunno what's happening with it with grift doing what he wants with it...)

In hardened-dev, r6 release

In main tree, ~arch'ed

r8 is now stable
Created attachment 323652
Proposed patch to implement the enhancement

The current phpfpm policy doesn't allow the use of stream sockets. Here is a patch that at least partially allows it. Optional policies should also be added to the different servers, e.g. for nginx:

'''
optional_policy(`
	phpfpm_stream_connect(nginx_t)
')
'''
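
Added example, not part of the bug report or the attached patch: a Python check that scans AVC denials for the permissions a client domain needs to connect to a named UNIX stream socket (what refpolicy's `stream_connect_pattern` grants) and lists the missing allow rules. The log lines are constructed, and `phpfpm_t` and `phpfpm_var_run_t` are assumed type names; only `nginx_t` appears in the report.

```python
import re

# Permissions a client needs per object class to connect to a named UNIX
# stream socket (the set refpolicy's stream_connect_pattern grants).
STREAM_CONNECT = {
    "dir": {"search", "getattr", "open"},
    "sock_file": {"write", "getattr", "open", "append"},
    "unix_stream_socket": {"connectto"},
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

# Constructed audit.log lines, not taken from the bug report.
# phpfpm_t / phpfpm_var_run_t are assumed names for the php-fpm domain and socket type.
SAMPLE_LOG = """\
type=AVC msg=audit(1346582400.101:51): avc:  denied  { write } for  pid=2101 comm="nginx" name="php-fpm.sock" dev="tmpfs" ino=8812 scontext=system_u:system_r:nginx_t tcontext=system_u:object_r:phpfpm_var_run_t tclass=sock_file
type=AVC msg=audit(1346582400.102:52): avc:  denied  { connectto } for  pid=2101 comm="nginx" path="/var/run/php-fpm.sock" scontext=system_u:system_r:nginx_t:s0 tcontext=system_u:system_r:phpfpm_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1346582400.103:53): avc:  denied  { search } for  pid=2101 comm="nginx" name="log" dev="sda1" ino=77 scontext=system_u:system_r:nginx_t tcontext=system_u:object_r:var_log_t tclass=dir
type=AVC msg=audit(1346582400.104:54): avc:  denied  { connectto } for  pid=2200 comm="php-fpm" path="/var/run/mysqld.sock" scontext=system_u:system_r:phpfpm_t tcontext=system_u:system_r:mysqld_t tclass=unix_stream_socket
"""

def _type(context):
    # user:role:type[:mls-range]; the type is always the third field.
    return context.split(":")[2]

def missing_stream_rules(log_text, client_type, server_prefix="phpfpm"):
    """Return allow rules that the denials show are missing for client_type."""
    needed = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or _type(m["s"]) != client_type:
            continue
        target = _type(m["t"])
        perms = set(m["perms"].split()) & STREAM_CONNECT.get(m["cls"], set())
        if perms and target.startswith(server_prefix):
            needed.setdefault((target, m["cls"]), set()).update(perms)
    return sorted(
        f"allow {client_type} {t}:{cls} {{ {' '.join(sorted(p))} }};"
        for (t, cls), p in needed.items()
    )

if __name__ == "__main__":
    print("\n".join(missing_stream_rules(SAMPLE_LOG, "nginx_t")))
```

Rules reported for a server domain indicate that its optional policy block calling the stream-connect interface is missing or not loaded; the target-type prefix filter is a heuristic and will not catch a denial on the socket's parent directory when it carries a generic type.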