diff -up totpcgi-0.5.5/selinux/totpcgi.fc.apache-content-template totpcgi-0.5.5/selinux/totpcgi.fc
--- totpcgi-0.5.5/selinux/totpcgi.fc.apache-content-template 2013-09-20 20:40:19.000000000 +0200
+++ totpcgi-0.5.5/selinux/totpcgi.fc 2014-11-13 20:57:21.762567027 +0100
@@ -1,9 +1,9 @@
-/var/www/totpcgi/.*\.f?cgi -- gen_context(system_u:object_r:httpd_totpcgi_script_exec_t,s0)
-/etc/totpcgi gen_context(system_u:object_r:httpd_totpcgi_etc_t,s0)
-/etc/totpcgi/.*\.conf -- gen_context(system_u:object_r:httpd_totpcgi_etc_t,s0)
-/etc/totpcgi/templates(/.*)? gen_context(system_u:object_r:httpd_totpcgi_etc_t,s0)
-/var/lib/totpcgi(/.*)? gen_context(system_u:object_r:httpd_totpcgi_script_var_lib_t,s0)
+/var/www/totpcgi/.*\.f?cgi -- gen_context(system_u:object_r:totpcgi_script_exec_t,s0)
+/etc/totpcgi gen_context(system_u:object_r:totpcgi_etc_t,s0)
+/etc/totpcgi/.*\.conf -- gen_context(system_u:object_r:totpcgi_etc_t,s0)
+/etc/totpcgi/templates(/.*)? gen_context(system_u:object_r:totpcgi_etc_t,s0)
+/var/lib/totpcgi(/.*)? gen_context(system_u:object_r:totpcgi_script_var_lib_t,s0)
-/var/www/totpcgi-provisioning/.*\.cgi -- gen_context(system_u:object_r:httpd_totpcgi_provisioning_script_exec_t,s0)
-/etc/totpcgi/pincodes -- gen_context(system_u:object_r:httpd_totpcgi_private_etc_t)
-/etc/totpcgi/totp(/.*)? gen_context(system_u:object_r:httpd_totpcgi_private_etc_t)
+/var/www/totpcgi-provisioning/.*\.cgi -- gen_context(system_u:object_r:totpcgi_provisioning_script_exec_t,s0)
+/etc/totpcgi/pincodes -- gen_context(system_u:object_r:totpcgi_private_etc_t)
+/etc/totpcgi/totp(/.*)? gen_context(system_u:object_r:totpcgi_private_etc_t)
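Review bot: The last two entries of this hunk, `/etc/totpcgi/pincodes` and `/etc/totpcgi/totp(/.*)?`, still call gen_context without the `,s0` level that every other entry in the file passes. The rename carried the omission over unchanged. On a policy built with MLS enabled the missing level argument would likely yield an incomplete context, and these paths look like the ones holding the PIN and TOTP secret material, so a labelling failure here matters most. Suggested on both lines: `gen_context(system_u:object_r:totpcgi_private_etc_t,s0)`.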
diff -up totpcgi-0.5.5/selinux/totpcgi.if.apache-content-template totpcgi-0.5.5/selinux/totpcgi.if
--- totpcgi-0.5.5/selinux/totpcgi.if.apache-content-template 2013-09-20 20:40:19.000000000 +0200
+++ totpcgi-0.5.5/selinux/totpcgi.if 2014-11-13 20:57:21.766576976 +0100
@@ -1,10 +1,10 @@
-## <summary>policy for httpd_totpcgi_script</summary>
+## <summary>policy for totpcgi_script</summary>
########################################
## <summary>
-## Transition to httpd_totpcgi_script.
+## Transition to totpcgi_script.
## </summary>
## <param name="domain">
## <summary>
@@ -12,18 +12,18 @@
## </summary>
## </param>
#
-interface(`httpd_totpcgi_script_domtrans',`
+interface(`totpcgi_script_domtrans',`
gen_require(`
- type httpd_totpcgi_script_t, httpd_totpcgi_script_exec_t;
+ type totpcgi_script_t, totpcgi_script_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, httpd_totpcgi_script_exec_t, httpd_totpcgi_script_t)
+ domtrans_pattern($1, totpcgi_script_exec_t, totpcgi_script_t)
')
########################################
## <summary>
-## Transition to httpd_totpcgi_provisioning_script.
+## Transition to totpcgi_provisioning_script.
## </summary>
## <param name="domain">
## <summary>
@@ -31,18 +31,18 @@ interface(`httpd_totpcgi_script_domtrans
## </summary>
## </param>
#
-interface(`httpd_totpcgi_provisioning_script_domtrans',`
+interface(`totpcgi_provisioning_script_domtrans',`
gen_require(`
- type httpd_totpcgi_provisioning_script_t, httpd_totpcgi_provisioning_script_exec_t;
+ type totpcgi_provisioning_script_t, totpcgi_provisioning_script_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, httpd_totpcgi_provisioning_script_exec_t, httpd_totpcgi_provisioning_script_t)
+ domtrans_pattern($1, totpcgi_provisioning_script_exec_t, totpcgi_provisioning_script_t)
')
########################################
## <summary>
-## Read httpd_totpcgi conf files.
+## Read totpcgi conf files.
## </summary>
## <param name="domain">
## <summary>
@@ -50,19 +50,19 @@ interface(`httpd_totpcgi_provisioning_sc
## </summary>
## </param>
#
-interface(`httpd_totpcgi_read_conf_files',`
+interface(`totpcgi_read_conf_files',`
gen_require(`
- type httpd_totpcgi_etc_t;
+ type totpcgi_etc_t;
')
- allow $1 httpd_totpcgi_etc_t:file read_file_perms;
- allow $1 httpd_totpcgi_etc_t:dir list_dir_perms;
+ allow $1 totpcgi_etc_t:file read_file_perms;
+ allow $1 totpcgi_etc_t:dir list_dir_perms;
files_search_etc($1)
')
########################################
## <summary>
-## Read httpd_totpcgi private conf files.
+## Read totpcgi private conf files.
## </summary>
## <param name="domain">
## <summary>
@@ -70,19 +70,19 @@ interface(`httpd_totpcgi_read_conf_files
## </summary>
## </param>
#
-interface(`httpd_totpcgi_read_private_conf_files',`
+interface(`totpcgi_read_private_conf_files',`
gen_require(`
- type httpd_totpcgi_private_etc_t;
+ type totpcgi_private_etc_t;
')
- allow $1 httpd_totpcgi_private_etc_t:file read_file_perms;
- allow $1 httpd_totpcgi_etc_t:dir list_dir_perms;
+ allow $1 totpcgi_private_etc_t:file read_file_perms;
+ allow $1 totpcgi_etc_t:dir list_dir_perms;
files_search_etc($1)
')
########################################
## <summary>
-## Manage httpd_totpcgi conf files.
+## Manage totpcgi conf files.
## </summary>
## <param name="domain">
## <summary>
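Review bot: `totpcgi_read_private_conf_files` uses `totpcgi_etc_t` in `allow $1 totpcgi_etc_t:dir list_dir_perms;` but its gen_require block names only `totpcgi_private_etc_t`. A caller module that does not already have `totpcgi_etc_t` in scope would fail to build against this interface. `totpcgi_manage_private_conf_files` further down requires both types, so the fix is `type totpcgi_private_etc_t, totpcgi_etc_t;` in the gen_require here. Separately, the file-contexts entry for `/etc/totpcgi/totp(/.*)?` labels the directory itself as private, and this interface grants no directory permission on `totpcgi_private_etc_t`, so reading files below it may still be denied; worth confirming.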
@@ -90,18 +90,18 @@ interface(`httpd_totpcgi_read_private_co
## </summary>
## </param>
#
-interface(`httpd_totpcgi_manage_conf_files',`
+interface(`totpcgi_manage_conf_files',`
gen_require(`
- type httpd_totpcgi_etc_t;
+ type totpcgi_etc_t;
')
- manage_files_pattern($1, httpd_totpcgi_etc_t, httpd_totpcgi_etc_t)
+ manage_files_pattern($1, totpcgi_etc_t, totpcgi_etc_t)
files_search_etc($1)
')
########################################
## <summary>
-## Manage httpd_totpcgi private conf files.
+## Manage totpcgi private conf files.
## </summary>
## <param name="domain">
## <summary>
@@ -109,20 +109,20 @@ interface(`httpd_totpcgi_manage_conf_fil
## </summary>
## </param>
#
-interface(`httpd_totpcgi_manage_private_conf_files',`
+interface(`totpcgi_manage_private_conf_files',`
gen_require(`
- type httpd_totpcgi_private_etc_t;
- type httpd_totpcgi_etc_t;
+ type totpcgi_private_etc_t;
+ type totpcgi_etc_t;
')
- allow $1 httpd_totpcgi_etc_t:dir list_dir_perms;
- manage_files_pattern($1, httpd_totpcgi_private_etc_t, httpd_totpcgi_private_etc_t)
+ allow $1 totpcgi_etc_t:dir list_dir_perms;
+ manage_files_pattern($1, totpcgi_private_etc_t, totpcgi_private_etc_t)
files_search_etc($1)
')
########################################
## <summary>
-## Search httpd_totpcgi_script lib directories.
+## Search totpcgi_script lib directories.
## </summary>
## <param name="domain">
## <summary>
@@ -130,18 +130,18 @@ interface(`httpd_totpcgi_manage_private_
## </summary>
## </param>
#
-interface(`httpd_totpcgi_script_search_lib',`
+interface(`totpcgi_script_search_lib',`
gen_require(`
- type httpd_totpcgi_script_var_lib_t;
+ type totpcgi_script_var_lib_t;
')
- allow $1 httpd_totpcgi_script_var_lib_t:dir search_dir_perms;
+ allow $1 totpcgi_script_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
-## Read httpd_totpcgi_script lib files.
+## Read totpcgi_script lib files.
## </summary>
## <param name="domain">
## <summary>
@@ -149,18 +149,18 @@ interface(`httpd_totpcgi_script_search_l
## </summary>
## </param>
#
-interface(`httpd_totpcgi_script_read_lib_files',`
+interface(`totpcgi_script_read_lib_files',`
gen_require(`
- type httpd_totpcgi_script_var_lib_t;
+ type totpcgi_script_var_lib_t;
')
files_search_var_lib($1)
- read_files_pattern($1, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
+ read_files_pattern($1, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
')
########################################
## <summary>
-## Manage httpd_totpcgi_script lib files.
+## Manage totpcgi_script lib files.
## </summary>
## <param name="domain">
## <summary>
@@ -168,18 +168,18 @@ interface(`httpd_totpcgi_script_read_lib
## </summary>
## </param>
#
-interface(`httpd_totpcgi_script_manage_lib_files',`
+interface(`totpcgi_script_manage_lib_files',`
gen_require(`
- type httpd_totpcgi_script_var_lib_t;
+ type totpcgi_script_var_lib_t;
')
files_search_var_lib($1)
- manage_files_pattern($1, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
+ manage_files_pattern($1, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
')
########################################
## <summary>
-## Manage httpd_totpcgi_script lib directories.
+## Manage totpcgi_script lib directories.
## </summary>
## <param name="domain">
## <summary>
@@ -187,20 +187,20 @@ interface(`httpd_totpcgi_script_manage_l
## </summary>
## </param>
#
-interface(`httpd_totpcgi_script_manage_lib_dirs',`
+interface(`totpcgi_script_manage_lib_dirs',`
gen_require(`
- type httpd_totpcgi_script_var_lib_t;
+ type totpcgi_script_var_lib_t;
')
files_search_var_lib($1)
- manage_dirs_pattern($1, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
+ manage_dirs_pattern($1, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
')
########################################
## <summary>
## All of the rules required to administrate
-## an httpd_totpcgi_script environment
+## an totpcgi_script environment
## </summary>
## <param name="domain">
## <summary>
@@ -214,26 +214,26 @@ interface(`httpd_totpcgi_script_manage_l
## </param>
## <rolecap/>
#
-interface(`httpd_totpcgi_admin',`
+interface(`totpcgi_admin',`
gen_require(`
- type httpd_totpcgi_script_t;
- type httpd_totpcgi_provisioning_script_t;
- type httpd_totpcgi_etc_t;
- type httpd_totpcgi_private_etc_t;
- type httpd_totpcgi_script_var_lib_t;
+ type totpcgi_script_t;
+ type totpcgi_provisioning_script_t;
+ type totpcgi_etc_t;
+ type totpcgi_private_etc_t;
+ type totpcgi_script_var_lib_t;
')
- allow $1 httpd_totpcgi_script_t:process { ptrace signal_perms };
- allow $1 httpd_totpcgi_provisioning_script_t:process { ptrace signal_perms };
- ps_process_pattern($1, httpd_totpcgi_script_t)
- ps_process_pattern($1, httpd_totpcgi_provisioning_script_t)
+ allow $1 totpcgi_script_t:process { ptrace signal_perms };
+ allow $1 totpcgi_provisioning_script_t:process { ptrace signal_perms };
+ ps_process_pattern($1, totpcgi_script_t)
+ ps_process_pattern($1, totpcgi_provisioning_script_t)
files_search_etc($1)
- admin_pattern($1, httpd_totpcgi_etc_t)
- admin_pattern($1, httpd_totpcgi_private_etc_t)
+ admin_pattern($1, totpcgi_etc_t)
+ admin_pattern($1, totpcgi_private_etc_t)
files_search_var_lib($1)
- admin_pattern($1, httpd_totpcgi_script_var_lib_t)
+ admin_pattern($1, totpcgi_script_var_lib_t)
')
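Review bot: `totpcgi_admin` grants the caller `ptrace` on both script domains via `allow $1 totpcgi_script_t:process { ptrace signal_perms };` and the matching provisioning line. Those domains read `totpcgi_private_etc_t` (see the .te rules), so ptrace gives an admin role the ability to inspect or alter the process that validates second-factor codes, beyond the file management that admin_pattern already provides. Unless debugging these CGIs is an intended part of the role, limit both rules to signals: `allow $1 totpcgi_script_t:process signal_perms;` and `allow $1 totpcgi_provisioning_script_t:process signal_perms;`. The interface's doc header starts before this hunk.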
diff -up totpcgi-0.5.5/selinux/totpcgi.te.apache-content-template totpcgi-0.5.5/selinux/totpcgi.te
--- totpcgi-0.5.5/selinux/totpcgi.te.apache-content-template 2013-09-20 20:40:19.000000000 +0200
+++ totpcgi-0.5.5/selinux/totpcgi.te 2014-11-13 20:57:21.769584437 +0100
@@ -8,59 +8,59 @@ policy_module(totpcgi, 1.1.1)
apache_content_template(totpcgi)
apache_content_template(totpcgi_provisioning)
-type httpd_totpcgi_etc_t;
-files_type(httpd_totpcgi_etc_t)
+type totpcgi_etc_t;
+files_type(totpcgi_etc_t)
-type httpd_totpcgi_private_etc_t;
-files_type(httpd_totpcgi_private_etc_t)
+type totpcgi_private_etc_t;
+files_type(totpcgi_private_etc_t)
-type httpd_totpcgi_script_var_lib_t;
-files_type(httpd_totpcgi_script_var_lib_t)
+type totpcgi_script_var_lib_t;
+files_type(totpcgi_script_var_lib_t)
########################################
#
-# httpd_totpcgi_script local policy
+# totpcgi_script local policy
#
-search_dirs_pattern(httpd_totpcgi_script_t, httpd_totpcgi_etc_t, httpd_totpcgi_etc_t)
-read_files_pattern(httpd_totpcgi_script_t, httpd_totpcgi_etc_t, httpd_totpcgi_etc_t)
-read_files_pattern(httpd_totpcgi_script_t, httpd_totpcgi_private_etc_t, httpd_totpcgi_private_etc_t)
-
-search_dirs_pattern(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_etc_t, httpd_totpcgi_etc_t)
-read_files_pattern(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_etc_t, httpd_totpcgi_etc_t)
-manage_files_pattern(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_private_etc_t, httpd_totpcgi_private_etc_t)
-files_etc_filetrans(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_private_etc_t, { dir file})
-
-manage_dirs_pattern(httpd_totpcgi_script_t, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
-manage_files_pattern(httpd_totpcgi_script_t, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
-files_var_lib_filetrans(httpd_totpcgi_script_t, httpd_totpcgi_script_var_lib_t, { dir file })
-manage_dirs_pattern(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
-manage_files_pattern(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_script_var_lib_t, httpd_totpcgi_script_var_lib_t)
-files_var_lib_filetrans(httpd_totpcgi_provisioning_script_t, httpd_totpcgi_script_var_lib_t, { dir file })
+search_dirs_pattern(totpcgi_script_t, totpcgi_etc_t, totpcgi_etc_t)
+read_files_pattern(totpcgi_script_t, totpcgi_etc_t, totpcgi_etc_t)
+read_files_pattern(totpcgi_script_t, totpcgi_private_etc_t, totpcgi_private_etc_t)
+
+search_dirs_pattern(totpcgi_provisioning_script_t, totpcgi_etc_t, totpcgi_etc_t)
+read_files_pattern(totpcgi_provisioning_script_t, totpcgi_etc_t, totpcgi_etc_t)
+manage_files_pattern(totpcgi_provisioning_script_t, totpcgi_private_etc_t, totpcgi_private_etc_t)
+files_etc_filetrans(totpcgi_provisioning_script_t, totpcgi_private_etc_t, { dir file})
+
+manage_dirs_pattern(totpcgi_script_t, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
+manage_files_pattern(totpcgi_script_t, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
+files_var_lib_filetrans(totpcgi_script_t, totpcgi_script_var_lib_t, { dir file })
+manage_dirs_pattern(totpcgi_provisioning_script_t, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
+manage_files_pattern(totpcgi_provisioning_script_t, totpcgi_script_var_lib_t, totpcgi_script_var_lib_t)
+files_var_lib_filetrans(totpcgi_provisioning_script_t, totpcgi_script_var_lib_t, { dir file })
-logging_send_syslog_msg(httpd_totpcgi_script_t)
-logging_send_syslog_msg(httpd_totpcgi_provisioning_script_t)
+logging_send_syslog_msg(totpcgi_script_t)
+logging_send_syslog_msg(totpcgi_provisioning_script_t)
# needed by totp.fcgi
-allow httpd_totpcgi_script_t httpd_t:unix_stream_socket { ioctl accept getattr shutdown read write };
+allow totpcgi_script_t httpd_t:unix_stream_socket { ioctl accept getattr shutdown read write };
# Not sure what triggers this, but it's not needed
-files_dontaudit_list_tmp(httpd_totpcgi_script_t)
-files_dontaudit_list_tmp(httpd_totpcgi_provisioning_script_t)
+files_dontaudit_list_tmp(totpcgi_script_t)
+files_dontaudit_list_tmp(totpcgi_provisioning_script_t)
# This should be upstream, really.
allow httpd_suexec_t httpd_t:unix_stream_socket { read write };
#
# Allow binding to ldap
-sysnet_dns_name_resolve(httpd_totpcgi_script_t)
-miscfiles_read_certs(httpd_totpcgi_script_t)
-sysnet_use_ldap(httpd_totpcgi_script_t)
-sysnet_dns_name_resolve(httpd_totpcgi_provisioning_script_t)
-miscfiles_read_certs(httpd_totpcgi_provisioning_script_t)
-sysnet_use_ldap(httpd_totpcgi_provisioning_script_t)
+sysnet_dns_name_resolve(totpcgi_script_t)
+miscfiles_read_certs(totpcgi_script_t)
+sysnet_use_ldap(totpcgi_script_t)
+sysnet_dns_name_resolve(totpcgi_provisioning_script_t)
+miscfiles_read_certs(totpcgi_provisioning_script_t)
+sysnet_use_ldap(totpcgi_provisioning_script_t)
# Allow connecting to postgresql
-postgresql_tcp_connect(httpd_totpcgi_script_t)
-postgresql_stream_connect(httpd_totpcgi_script_t)
-postgresql_tcp_connect(httpd_totpcgi_provisioning_script_t)
-postgresql_stream_connect(httpd_totpcgi_provisioning_script_t)
+postgresql_tcp_connect(totpcgi_script_t)
+postgresql_stream_connect(totpcgi_script_t)
+postgresql_tcp_connect(totpcgi_provisioning_script_t)
+postgresql_stream_connect(totpcgi_provisioning_script_t)
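Review bot: The three locally declared types (`totpcgi_etc_t`, `totpcgi_private_etc_t`, `totpcgi_script_var_lib_t`) replace the httpd_-prefixed names with no alias. Files already labelled with the old types will therefore carry a context the new module no longer defines until they are relabelled. For the secret store under /etc/totpcgi and the state under /var/lib/totpcgi that presumably means denials right after the upgrade, unless the packaging runs a relabel that is not visible here. Consider keeping the old names valid, e.g. `typealias totpcgi_private_etc_t alias httpd_totpcgi_private_etc_t;` and the same for the other two. `policy_module(totpcgi, 1.1.1)` in the hunk header is also unchanged although every type name changed, so a version bump would make the upgrade visible.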