20 lines
451 B
Plaintext
20 lines
451 B
Plaintext
module ironic_policy 1.0;
|
|
|
|
require {
|
|
type httpd_t;
|
|
type root_t;
|
|
type default_t;
|
|
class file open;
|
|
class file read;
|
|
class file getattr;
|
|
}
|
|
|
|
|
|
#============= httpd_t ==============
|
|
|
|
#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
|
|
allow httpd_t root_t:file open;
|
|
allow httpd_t default_t:file open;
|
|
allow httpd_t root_t:file { read getattr };
|
|
allow httpd_t default_t:file { read getattr };
|