URL: https://github.com/freeipa/freeipa/pull/4443
Author: abbra
Title: #4443: [Backport][ipa-4-8] SELinux: apache_manage_pid_files for F30
Action: opened

PR body:
"""
This PR was opened automatically because PR #4435 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4443/head:pr4443
git checkout pr4443
From d602e7711735fccac6e5bc568fb8253d7aef439b Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 24 Mar 2020 16:07:54 +0100
Subject: [PATCH] SELinux: apache_manage_pid_files for F30

SELinux policy on F30 doesn't have the interface
apache_manage_pid_files(). Define the interface conditionally.

Fixes: https://pagure.io/freeipa/issue/8241
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 selinux/ipa.if | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/selinux/ipa.if b/selinux/ipa.if
index 44c0a93662..cefae5d902 100644
--- a/selinux/ipa.if
+++ b/selinux/ipa.if
@@ -365,3 +365,30 @@ interface(`ipa_custodia_stream_connect',`
 
     allow $1 ipa_custodia_t:unix_stream_socket { connectto };
 ')
+
+########################################
+## <summary>
+##      Manage apache pid objects.
+##      The interface is defined by selinux-policy since Fedora 31 and is
+##      conditionally defined here for Fedora 30.
+##      See https://pagure.io/freeipa/issue/8241.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+
+ifndef(`apache_manage_pid_files',`
+	interface(`apache_manage_pid_files',`
+		gen_require(`
+			type httpd_var_run_t;
+		')
+
+		files_search_pids($1)
+		manage_dirs_pattern($1, httpd_var_run_t, httpd_var_run_t)
+		manage_files_pattern($1, httpd_var_run_t, httpd_var_run_t)
+		manage_sock_files_pattern($1, httpd_var_run_t, httpd_var_run_t)
+	')
+')
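Review bot: In the `ifndef` body, the fallback grants `manage_dirs_pattern`, `manage_files_pattern` and `manage_sock_files_pattern` on `httpd_var_run_t`, but the comment does not say that these rules are meant to match the selinux-policy definition, so a reader cannot tell whether Fedora 30 hosts end up with the same access as Fedora 31 and later. Suggest adding a line to the `<summary>` stating that the body mirrors the selinux-policy interface and that the block should be removed once Fedora 30 is no longer supported. Two style points: the new lines are tab-indented while the context line `allow $1 ipa_custodia_t:unix_stream_socket { connectto };` uses four spaces, and the doc header is separated from the definition by a blank line and the `ifndef(` wrapper, which makes it easy to miss that the header documents the conditional fallback.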
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org