diff --git a/totpcgi-0.5.5-apache-content-template.patch b/totpcgi-0.5.5-apache-content-template.patch index 1c363bf..746fa51 100644 --- a/totpcgi-0.5.5-apache-content-template.patch +++ b/totpcgi-0.5.5-apache-content-template.patch @@ -1,6 +1,6 @@ -diff -up totpcgi-0.5.5/selinux/totpcgi.fc.selinux totpcgi-0.5.5/selinux/totpcgi.fc ---- totpcgi-0.5.5/selinux/totpcgi.fc.selinux 2013-09-20 20:40:19.000000000 +0200 -+++ totpcgi-0.5.5/selinux/totpcgi.fc 2014-11-13 20:46:02.213625417 +0100 +diff -up totpcgi-0.5.5/selinux/totpcgi.fc.apache-content-template totpcgi-0.5.5/selinux/totpcgi.fc +--- totpcgi-0.5.5/selinux/totpcgi.fc.apache-content-template 2013-09-20 20:40:19.000000000 +0200 ++++ totpcgi-0.5.5/selinux/totpcgi.fc 2014-11-13 20:57:21.762567027 +0100 @@ -1,9 +1,9 @@ -/var/www/totpcgi/.*\.f?cgi -- gen_context(system_u:object_r:httpd_totpcgi_script_exec_t,s0) -/etc/totpcgi gen_context(system_u:object_r:httpd_totpcgi_etc_t,s0) @@ -19,9 +19,9 @@ diff -up totpcgi-0.5.5/selinux/totpcgi.fc.selinux totpcgi-0.5.5/selinux/totpcgi. +/var/www/totpcgi-provisioning/.*\.cgi -- gen_context(system_u:object_r:totpcgi_provisioning_script_exec_t,s0) +/etc/totpcgi/pincodes -- gen_context(system_u:object_r:totpcgi_private_etc_t) +/etc/totpcgi/totp(/.*)? gen_context(system_u:object_r:totpcgi_private_etc_t) -diff -up totpcgi-0.5.5/selinux/totpcgi.if.selinux totpcgi-0.5.5/selinux/totpcgi.if ---- totpcgi-0.5.5/selinux/totpcgi.if.selinux 2013-09-20 20:40:19.000000000 +0200 -+++ totpcgi-0.5.5/selinux/totpcgi.if 2014-11-13 20:46:02.217635365 +0100 +diff -up totpcgi-0.5.5/selinux/totpcgi.if.apache-content-template totpcgi-0.5.5/selinux/totpcgi.if +--- totpcgi-0.5.5/selinux/totpcgi.if.apache-content-template 2013-09-20 20:40:19.000000000 +0200 ++++ totpcgi-0.5.5/selinux/totpcgi.if 2014-11-13 20:57:21.766576976 +0100 @@ -1,10 +1,10 @@ -## policy for httpd_totpcgi_script 
@@ -315,10 +315,9 @@ diff -up totpcgi-0.5.5/selinux/totpcgi.if.selinux totpcgi-0.5.5/selinux/totpcgi. ') -diff -up totpcgi-0.5.5/selinux/totpcgi.sh.selinux totpcgi-0.5.5/selinux/totpcgi.sh -diff -up totpcgi-0.5.5/selinux/totpcgi.te.selinux totpcgi-0.5.5/selinux/totpcgi.te ---- totpcgi-0.5.5/selinux/totpcgi.te.selinux 2013-09-20 20:40:19.000000000 +0200 -+++ totpcgi-0.5.5/selinux/totpcgi.te 2014-11-13 20:46:02.220642827 +0100 +diff -up totpcgi-0.5.5/selinux/totpcgi.te.apache-content-template totpcgi-0.5.5/selinux/totpcgi.te +--- totpcgi-0.5.5/selinux/totpcgi.te.apache-content-template 2013-09-20 20:40:19.000000000 +0200 ++++ totpcgi-0.5.5/selinux/totpcgi.te 2014-11-13 20:57:21.769584437 +0100 @@ -8,59 +8,59 @@ policy_module(totpcgi, 1.1.1) apache_content_template(totpcgi) apache_content_template(totpcgi_provisioning) @@ -382,7 +381,7 @@ diff -up totpcgi-0.5.5/selinux/totpcgi.te.selinux totpcgi-0.5.5/selinux/totpcgi. # needed by totp.fcgi -allow httpd_totpcgi_script_t httpd_t:unix_stream_socket { ioctl accept getattr shutdown read write }; -+allow totpcgi_script_t t:unix_stream_socket { ioctl accept getattr shutdown read write }; ++allow totpcgi_script_t httpd_t:unix_stream_socket { ioctl accept getattr shutdown read write }; # Not sure what triggers this, but it's not needed -files_dontaudit_list_tmp(httpd_totpcgi_script_t) -files_dontaudit_list_tmp(httpd_totpcgi_provisioning_script_t) @@ -390,8 +389,7 @@ diff -up totpcgi-0.5.5/selinux/totpcgi.te.selinux totpcgi-0.5.5/selinux/totpcgi. +files_dontaudit_list_tmp(totpcgi_provisioning_script_t) # This should be upstream, really. --allow httpd_suexec_t httpd_t:unix_stream_socket { read write }; -+allow suexec_t t:unix_stream_socket { read write }; + allow httpd_suexec_t httpd_t:unix_stream_socket { read write }; # # Allow binding to ldap -sysnet_dns_name_resolve(httpd_totpcgi_script_t)
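Review bot: The corrected rule `allow totpcgi_script_t httpd_t:unix_stream_socket { ioctl accept getattr shutdown read write };` shows that the rename to the new template type names also rewrote a type this module does not own, and most of the `@@ -8,59 +8,59 @@` totpcgi.te hunk it belongs to is outside this view. It is worth confirming that no other `httpd_t` or `httpd_suexec_t` reference in that hunk was shortened the same way. A bare `t` or `suexec_t` is presumably undeclared, so compiling the policy module as part of the package build would catch a leftover before it ships.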
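Review bot: The rule this hunk now leaves untouched, `allow httpd_suexec_t httpd_t:unix_stream_socket { read write };`, relates two types that totpcgi does not define, so loading the module widens the suexec domain for everything served by httpd on the host, and its only justification is the comment "This should be upstream, really.". I would make that comment state the scope and the exit condition, for example `# Not totpcgi-specific: lets suexec read/write httpd_t stream sockets; drop once the base policy provides it.` If the access is only an inherited descriptor that suexec never uses (not determinable from this hunk), `dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };` would be the narrower rule. The enclosing totpcgi.te hunk starts and ends outside what is shown here.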