optional_policy(`mysql.te',`
mysql_stream_connect(httpd_t)
+ mysql_rw_db_socket(httpd_t)
')
optional_policy(`nis.te',`
dontaudit httpd_t sysadm_home_dir_t:dir getattr;
allow httpd_sys_script_t var_spool_t:dir getattr;
-optional_policy(`mysql.te',`
- allow httpd_t mysqld_db_t:dir search;
- allow httpd_t mysqld_db_t:sock_file rw_file_perms;
-')
-
-optional_policy(`mysql.te',`
- allow httpd_sys_script_t mysqld_db_t:dir search;
- allow httpd_sys_script_t mysqld_db_t:sock_file rw_file_perms;
-')
-
ifdef(`targeted_policy',`
if (httpd_enable_homedirs) {
allow httpd_t user_home_dir_t:dir { getattr search };
optional_policy(`mysql.te',`
mysql_stream_connect(httpd_sys_script_t)
+ mysql_rw_db_socket(httpd_sys_script_t)
')
########################################
interface(`mysql_signal',`
gen_require(`
type mysqld_t;
- class process signal;
')
allow $1 mysqld_t:process signal;
interface(`mysql_stream_connect',`
gen_require(`
type mysqld_t, mysqld_var_run_t;
- class unix_stream_socket connectto;
- class dir search;
- class sock_file write;
')
allow $1 mysqld_var_run_t:dir search;
interface(`mysql_read_config',`
gen_require(`
type mysqld_etc_t;
- class dir { getattr read search };
- class file { read getattr };
- class lnk_file { getattr read };
')
allow $1 mysqld_etc_t:dir { getattr read search };
interface(`mysql_search_db_dir',`
gen_require(`
type mysqld_db_t;
- class dir search;
')
files_search_var_lib($1)
interface(`mysql_rw_db_dir',`
gen_require(`
type mysqld_db_t;
- class rw_dir_perms;
')
files_search_var_lib($1)
interface(`mysql_manage_db_dir',`
gen_require(`
type mysql_db_t;
- class create_dir_perms;
')
files_search_var_lib($1)
allow $1 mysqld_db_t:dir create_dir_perms;
')
+########################################
+## <summary>
+## Read and write to the MySQL database
+## named socket.
+## </summary>
+## <param name="domain">
+## Domain allowed access.
+## </param>
+#
+interface(`mysql_rw_db_socket',`
+ gen_require(`
+ type mysqld_db_t;
+ ')
+
+ files_search_var_lib($1)
+ allow $1 mysqld_db_t:dir search;
+ allow $1 mysqld_db_t:sock_file rw_file_perms;
+')
+
########################################
## <summary>
## Write to the MySQL log.
interface(`mysql_write_log',`
gen_require(`
type mysqld_log_t;
- class file { write append setattr ioctl };
')
logging_search_logs($1)