Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch')
-rw-r--r--sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch263
1 files changed, 0 insertions, 263 deletions
diff --git a/sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch b/sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch
deleted file mode 100644
index 8f337edb9dd9..000000000000
--- a/sec-policy/selinux-nginx/files/fix-services-nginx-r2.patch
+++ /dev/null
@@ -1,263 +0,0 @@
---- services/nginx.te 1970-01-01 01:00:00.000000000 +0100
-+++ services/nginx.te 2011-07-21 14:12:37.817000675 +0200
-@@ -0,0 +1,194 @@
-+###############################################################################
-+# SELinux module for the NGINX Web Server
-+#
-+# Project Contact Information:
-+# Stuart Cianos
-+# Email: scianos@alphavida.com
-+#
-+###############################################################################
-+# (C) Copyright 2009 by Stuart Cianos, d/b/a AlphaVida. All Rights Reserved.
-+#
-+#
-+# Stuart Cianos licenses this file to You under the GNU General Public License,
-+# Version 3.0 (the "License"); you may not use this file except in compliance
-+# with the License. You may obtain a copy of the License at
-+#
-+# http://www.gnu.org/licenses/gpl.txt
-+#
-+# or in the COPYING file included in the original archive.
-+#
-+# Disclaimer of Warranty.
-+#
-+# THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-+# APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-+# HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-+# OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+# PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-+# IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-+# ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-+#
-+# Limitation of Liability.
-+#
-+# IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-+# WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-+# THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-+# GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-+# USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-+# DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-+# PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-+# EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-+# SUCH DAMAGES.
-+###############################################################################
-+policy_module(nginx,1.0.10)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+## <desc>
-+## <p>
-+## Allow nginx to serve HTTP content (act as an http server)
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_enable_http_server, false)
-+
-+## <desc>
-+## <p>
-+## Allow nginx to act as an imap proxy server)
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_enable_imap_server, false)
-+
-+## <desc>
-+## <p>
-+## Allow nginx to act as a pop3 server)
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_enable_pop3_server, false)
-+
-+## <desc>
-+## <p>
-+## Allow nginx to act as an smtp server)
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_enable_smtp_server, false)
-+
-+## <desc>
-+## <p>
-+## Allow nginx to connect to remote HTTP servers
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_can_network_connect_http, false)
-+
-+## <desc>
-+## <p>
-+## Allow nginx to connect to remote servers (regardless of protocol)
-+## </p>
-+## </desc>
-+gen_tunable(gentoo_nginx_can_network_connect, false)
-+
-+type nginx_t;
-+type nginx_exec_t;
-+init_daemon_domain(nginx_t, nginx_exec_t)
-+
-+# conf files
-+type nginx_conf_t;
-+files_type(nginx_conf_t)
-+
-+# log files
-+type nginx_log_t;
-+logging_log_file(nginx_log_t)
-+
-+# tmp files
-+type nginx_tmp_t;
-+files_tmp_file(nginx_tmp_t)
-+
-+# var/lib files
-+type nginx_var_lib_t;
-+files_type(nginx_var_lib_t)
-+
-+# pid files
-+type nginx_var_run_t;
-+files_pid_file(nginx_var_run_t)
-+
-+########################################
-+#
-+# nginx local policy
-+#
-+
-+## Self rules
-+allow nginx_t self:fifo_file { read write };
-+allow nginx_t self:unix_stream_socket create_stream_socket_perms;
-+allow nginx_t self:tcp_socket { listen accept };
-+allow nginx_t self:capability { setuid net_bind_service setgid chown };
-+
-+## Policy-owned type management rules
-+
-+# conf files
-+read_files_pattern(nginx_t, nginx_conf_t, nginx_conf_t)
-+
-+# log files
-+manage_files_pattern(nginx_t, nginx_log_t, nginx_log_t)
-+logging_log_filetrans(nginx_t, nginx_log_t, { file dir })
-+
-+
-+# pid file
-+manage_dirs_pattern(nginx_t, nginx_var_run_t, nginx_var_run_t)
-+manage_files_pattern(nginx_t, nginx_var_run_t, nginx_var_run_t)
-+files_pid_filetrans(nginx_t, nginx_var_run_t, file)
-+
-+# tmp files
-+manage_files_pattern(nginx_t, nginx_tmp_t, nginx_tmp_t)
-+manage_dirs_pattern(nginx_t, nginx_tmp_t, nginx_tmp_t)
-+files_tmp_filetrans(nginx_t, nginx_tmp_t, dir)
-+
-+# var/lib files
-+create_files_pattern(nginx_t, nginx_var_lib_t, nginx_var_lib_t)
-+create_sock_files_pattern(nginx_t, nginx_var_lib_t, nginx_var_lib_t)
-+files_var_lib_filetrans(nginx_t,nginx_var_lib_t, { file dir sock_file })
-+
-+## Kernel layer modules
-+#
-+kernel_read_kernel_sysctls(nginx_t)
-+corenet_tcp_bind_generic_node(nginx_t)
-+corenet_tcp_sendrecv_generic_if(nginx_t)
-+corenet_tcp_sendrecv_generic_node(nginx_t)
-+domain_use_interactive_fds(nginx_t)
-+files_read_etc_files(nginx_t)
-+
-+## System layer modules
-+miscfiles_read_localization(nginx_t)
-+sysnet_dns_name_resolve(nginx_t)
-+
-+## Other modules
-+
-+tunable_policy(`gentoo_nginx_enable_http_server',`
-+ corenet_tcp_bind_http_port(nginx_t)
-+ apache_read_sys_content(nginx_t)
-+')
-+
-+# We enable both binding and connecting, since nginx acts here as a reverse proxy
-+tunable_policy(`gentoo_nginx_enable_imap_server',`
-+ corenet_tcp_bind_pop_port(nginx_t)
-+ corenet_tcp_connect_pop_port(nginx_t)
-+')
-+
-+tunable_policy(`gentoo_nginx_enable_pop3_server',`
-+ corenet_tcp_bind_pop_port(nginx_t)
-+ corenet_tcp_connect_pop_port(nginx_t)
-+')
-+
-+tunable_policy(`gentoo_nginx_enable_smtp_server',`
-+ corenet_tcp_bind_smtp_port(nginx_t)
-+ corenet_tcp_connect_smtp_port(nginx_t)
-+')
-+
-+tunable_policy(`gentoo_nginx_can_network_connect_http',`
-+ corenet_tcp_connect_http_port(nginx_t)
-+')
-+
-+tunable_policy(`gentoo_nginx_can_network_connect',`
-+ corenet_tcp_connect_all_ports(nginx_t)
-+')
---- services/nginx.fc 1970-01-01 01:00:00.000000000 +0100
-+++ services/nginx.fc 2011-07-21 14:21:43.956000690 +0200
-@@ -0,0 +1,63 @@
-+###############################################################################
-+# SELinux module for the NGINX Web Server
-+#
-+# Project Contact Information:
-+# Stuart Cianos
-+# Email: scianos@alphavida.com
-+#
-+###############################################################################
-+# (C) Copyright 2009 by Stuart Cianos, d/b/a AlphaVida. All Rights Reserved.
-+#
-+#
-+# Stuart Cianos licenses this file to You under the GNU General Public License,
-+# Version 3.0 (the "License"); you may not use this file except in compliance
-+# with the License. You may obtain a copy of the License at
-+#
-+# http://www.gnu.org/licenses/gpl.txt
-+#
-+# or in the COPYING file included in the original archive.
-+#
-+# Disclaimer of Warranty.
-+#
-+# THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-+# APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-+# HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-+# OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+# PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-+# IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-+# ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-+#
-+# Limitation of Liability.
-+#
-+# IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-+# WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-+# THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-+# GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-+# USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-+# DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-+# PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-+# EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-+# SUCH DAMAGES.
-+###############################################################################
-+# nginx executable will have:
-+# label: system_u:object_r:nginx_exec_t
-+# MLS sensitivity: s0
-+# MCS categories: <none>
-+
-+#
-+# /etc
-+#
-+/etc/nginx(/.*)? gen_context(system_u:object_r:nginx_conf_t,s0)
-+/etc/ssl/nginx(/.*)? gen_context(system_u:object_r:nginx_conf_t,s0)
-+
-+#
-+# /usr
-+#
-+/usr/sbin/nginx -- gen_context(system_u:object_r:nginx_exec_t,s0)
-+
-+#
-+# /var
-+#
-+/var/log/nginx(/.*)? gen_context(system_u:object_r:nginx_log_t,s0)
-+/var/tmp/nginx(/.*)? gen_context(system_u:object_r:nginx_tmp_t,s0)