MojoMojo from Lain Arnell.

diff --git a/Changelog b/Changelog
index 3a58325c60073ae0e0950fd506f9a032bd0f47f0..d702c7afb9019ce9b091d13e2f63631daf67e482 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -7,6 +7,7 @@
 - Added modules:
        cgroup (Dominick Grift)
        livecd (Dan Walsh)
+       mojomojo (Lain Arnell)
        shutdown (Dan Walsh)
 
 * Mon May 24 2010 Chris PeBenito <selinux@tresys.com> - 2.20100524

diff --git a/policy/modules/services/mojomojo.fc b/policy/modules/services/mojomojo.fc
new file mode 100644 (file)
index 0000000..824c979
--- /dev/null
+++ b/policy/modules/services/mojomojo.fc
@@ -0,0 +1,5 @@
+/usr/bin/mojomojo_fastcgi\.pl  --      gen_context(system_u:object_r:httpd_mojomojo_script_exec_t,s0)
+
+/usr/share/mojomojo/root(/.*)?         gen_context(system_u:object_r:httpd_mojomojo_content_t,s0)
+
+/var/lib/mojomojo(/.*)?                        gen_context(system_u:object_r:httpd_mojomojo_rw_content_t,s0)

diff --git a/policy/modules/services/mojomojo.if b/policy/modules/services/mojomojo.if
new file mode 100644 (file)
index 0000000..657a9fc
--- /dev/null
+++ b/policy/modules/services/mojomojo.if
@@ -0,0 +1,40 @@
+## <summary>MojoMojo Wiki</summary>
+
+########################################
+## <summary>
+##     All of the rules required to administrate
+##     an mojomojo environment
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <param name="role">
+##     <summary>
+##     Role allowed access.
+##     </summary>
+## </param>
+## <rolecap/>
+#
+interface(`mojomojo_admin',`
+       gen_require(`
+               type httpd_mojomojo_script_t;
+               type httpd_mojomojo_content_t, httpd_mojomojo_ra_content_t;
+               type httpd_mojomojo_rw_content_t;
+               type httpd_mojomojo_script_exec_t, httpd_mojomojo_htaccess_t;
+       ')
+
+       allow $1 httpd_mojomojo_script_t:process { ptrace signal_perms };
+       ps_process_pattern($1, httpd_mojomojo_script_t)
+
+       files_search_var_lib(httpd_mojomojo_script_t)
+
+       apache_search_sys_content($1)
+       admin_pattern($1, httpd_mojomojo_script_exec_t)
+       admin_pattern($1, httpd_mojomojo_script_t)
+       admin_pattern($1, httpd_mojomojo_content_t)
+       admin_pattern($1, httpd_mojomojo_htaccess_t)
+       admin_pattern($1, httpd_mojomojo_rw_content_t)
+       admin_pattern($1, httpd_mojomojo_ra_content_t)
+')

diff --git a/policy/modules/services/mojomojo.te b/policy/modules/services/mojomojo.te
new file mode 100644 (file)
index 0000000..83f002c
--- /dev/null
+++ b/policy/modules/services/mojomojo.te
@@ -0,0 +1,36 @@
+policy_module(mojomojo, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+apache_content_template(mojomojo)
+
+########################################
+#
+# mojomojo local policy
+#
+
+allow httpd_mojomojo_script_t httpd_t:unix_stream_socket rw_stream_socket_perms;
+
+corenet_tcp_connect_postgresql_port(httpd_mojomojo_script_t)
+corenet_tcp_connect_mysqld_port(httpd_mojomojo_script_t)
+corenet_tcp_connect_smtp_port(httpd_mojomojo_script_t)
+corenet_sendrecv_postgresql_client_packets(httpd_mojomojo_script_t)
+corenet_sendrecv_mysqld_client_packets(httpd_mojomojo_script_t)
+corenet_sendrecv_smtp_client_packets(httpd_mojomojo_script_t)
+
+files_search_var_lib(httpd_mojomojo_script_t)
+
+sysnet_dns_name_resolve(httpd_mojomojo_script_t)
+
+mta_send_mail(httpd_mojomojo_script_t)
+
+optional_policy(`
+       mysql_stream_connect(httpd_mojomojo_script_t)
+')
+
+optional_policy(`
+       postgresql_stream_connect(httpd_mojomojo_script_t)
+')