diff --git a/Changelog b/Changelog index 717b309..382ac7a 100644 --- a/Changelog +++ b/Changelog @@ -9,6 +9,8 @@ - Pam_mount fix for local login from Stefan Schulze Frielinghaus. - Issuing commands to upstart is over a datagram socket, not the initctl named pipe. Updated init_telinit() to match. +- Added modules: + w3c (Dan Walsh) * Wed Jul 02 2008 Chris PeBenito - 20080702 - Fix httpd_enable_homedirs to actually provide the access it is supposed to diff --git a/policy/modules/services/w3c.fc b/policy/modules/services/w3c.fc new file mode 100644 index 0000000..a9cc9a8 --- /dev/null +++ b/policy/modules/services/w3c.fc @@ -0,0 +1,4 @@ +/usr/lib/cgi-bin/check gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) + +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0) +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) diff --git a/policy/modules/services/w3c.if b/policy/modules/services/w3c.if new file mode 100644 index 0000000..8f678a9 --- /dev/null +++ b/policy/modules/services/w3c.if @@ -0,0 +1 @@ +## W3C Markup Validator diff --git a/policy/modules/services/w3c.te b/policy/modules/services/w3c.te new file mode 100644 index 0000000..6c27d54 --- /dev/null +++ b/policy/modules/services/w3c.te @@ -0,0 +1,25 @@ + +policy_module(w3c, 1.0.0) + +######################################## +# +# Declarations +# + +apache_content_template(w3c_validator) + +######################################## +# +# Local policy +# + +corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t) +corenet_tcp_connect_http_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t) +corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t) +corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t) + +miscfiles_read_certs(httpd_w3c_validator_script_t) + +sysnet_dns_name_resolve(httpd_w3c_validator_script_t)