diff options
author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2018-06-15 15:11:23 -0400 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2018-06-16 08:03:00 +0000 |
commit | 5f91aae26b6b0e02c9fabcc5dcf9f4b3e9eedbfe (patch) | |
tree | e4fcf99a70dd49f18b518dbcc593c3ac19d2f2a0 /contrib/selinux/el7/publicinbox.fc | |
parent | 930ed478cc8fd29f39d4fff473a7ff40fb8251dc (diff) | |
download | public-inbox-5f91aae26b6b0e02c9fabcc5dcf9f4b3e9eedbfe.tar.gz |
This adds a SELinux policy suitable for RHEL/CentOS 7. It assumes the following: - public-inbox-httpd and public-inbox-nntpd are running via systemd on sane ports (119 and 80/8080) - /var/lib/public-inbox is the location for mainrepos - /var/run/public-inbox is the location for PERL_INLINE_DIRECTORY - /var/log/public-inbox is the location for logs - mail delivery is done via postfix-pipe or public-inbox-watch via the provided example systemd service Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'contrib/selinux/el7/publicinbox.fc')
-rw-r--r-- | contrib/selinux/el7/publicinbox.fc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/contrib/selinux/el7/publicinbox.fc b/contrib/selinux/el7/publicinbox.fc new file mode 100644 index 00000000..c8ada2d0 --- /dev/null +++ b/contrib/selinux/el7/publicinbox.fc @@ -0,0 +1,8 @@ +/usr/(local/)?bin/public-inbox-httpd -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0) +/usr/(local/)?bin/public-inbox-nntpd -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0) +/usr/(local/)?bin/public-inbox-watch -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0) +/usr/(local/)?bin/public-inbox-mda -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0) + +/var/lib/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_var_lib_t,s0) +/var/run/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_var_run_t,s0) +/var/log/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_log_t,s0) |