Allow shibd to read/run /usr

author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)

committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)
author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)
committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)
diff --git a/selinux/shibshar.te b/selinux/shibshar.te

index 32c766c..444272b 100644 (file)
--- a/selinux/shibshar.te
+++ b/selinux/shibshar.te
@@ -21,9 +21,10 @@ allow shibshar_t var_log_t:file { create };
  
  allow shibshar_t shibshar_t:unix_stream_socket create_stream_socket_perms;
  allow shibshar_t shibshar_t:netlink_route_socket { create bind };
-
+allow shibshar_t usr_t:dir r_dir_perms;
+allow shibshar_t usr_t:file rx_file_perms;
+ 
  # Enable HTTPD to connect to the shib-shar socket and read/write to it
  can_unix_connect(httpd_t, shibshar_var_run_t)
  allow httpd_t shibshar_var_run_t:sock_file { write };
  allow httpd_t shibshar_t:unix_stream_socket { connectto };
-
author	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)
committer	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Tue, 26 Apr 2005 17:10:47 +0000 (17:10 +0000)