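policy_module(nextcloud, 1.0.0)

########################################
#
# Declarations
#
# This module declares no types or attributes of its own. It only extends
# the phpfpm_t domain (declared by the phpfpm module), so every external
# type it references is listed in the gen_require blocks below.

########################################
#
# nextcloud local policy
#
# Extra permissions php-fpm needs when it serves Nextcloud. Rules are
# grouped by concern; comments marked "confirm" are inferred rationale,
# not something this file records.
#

gen_require(`
	type phpfpm_t;
	type phpfpm_tmp_t;
	type etc_t;
	type cert_t;
	# Listed explicitly so the hugetlbfs_t dependency of the map rule
	# below does not rely on fs_rw_hugetlbfs_files() pulling it in.
	type hugetlbfs_t;
	type httpd_sys_content_t;
	type httpd_sys_rw_content_t;
	# Class requires as audit2allow emits them. NOTE(review): the shm
	# permission macros used below expand to more permissions than this
	# line lists; the refpolicy module build presumably supplies the
	# class definitions anyway -- confirm the module builds cleanly.
	class file { map open read };
	class process sigkill;
	class shm { create destroy read unix_read unix_write write };
')

optional_policy(`
	gen_require(`
		type system_cronjob_t;
		type phpfpm_exec_t;
	')

	# Let the system cron daemon execute phpfpm_exec_t and transition into
	# phpfpm_t (presumably Nextcloud's periodic background jobs -- confirm).
	cron_system_entry(phpfpm_t, phpfpm_exec_t)
')

#
# Network
#

# Binding UDP sockets on any node address is a broad grant; the reason is
# not recorded here. TODO: document which service needs it.
corenet_udp_bind_generic_node(phpfpm_t)
# Outbound HTTP(S) to the http port types.
corenet_tcp_connect_http_port(phpfpm_t)
# Outbound mail: in refpolicy pop_port_t covers the POP3 and IMAP ports,
# smtp_port_t the SMTP ports.
corenet_tcp_connect_pop_port(phpfpm_t)
corenet_tcp_connect_smtp_port(phpfpm_t)

#
# Memory-mapped files
#

fs_rw_hugetlbfs_files(phpfpm_t)
allow phpfpm_t hugetlbfs_t:file map;

# `map` only; it does not grant execute on these file types. Read access
# to them is presumably already granted elsewhere (phpfpm/apache policy).
allow phpfpm_t etc_t:file map;
allow phpfpm_t phpfpm_tmp_t:file map;
allow phpfpm_t httpd_sys_content_t:file map;
allow phpfpm_t httpd_sys_rw_content_t:file map;

# Read-only access to the system trust store, presumably for TLS
# verification on the outbound connections above -- confirm.
allow phpfpm_t cert_t:file { open read };

# Workers may sigkill processes in their own domain; SysV shared memory
# is limited to segments the domain itself creates (self).
allow phpfpm_t self:process sigkill;
allow phpfpm_t self:shm { create_shm_perms r_shm_perms };

#
# Filesystem
#

files_search_var(phpfpm_t)
# Listing and reading user home content is broad: it is only needed if the
# Nextcloud data directory lives under a home directory. A dedicated type
# for the data directory would narrow this -- consider.
userdom_list_user_home_content(phpfpm_t)
userdom_read_user_home_content_files(phpfpm_t)
files_search_mnt(phpfpm_t)

# Suppress audit noise from attempts to list var_t directories; no access
# is granted by this rule.
files_dontaudit_list_var(phpfpm_t)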