Last active
August 17, 2017 17:00
-
-
Save zamber/7d82850abf3a17fdd401 to your computer and use it in GitHub Desktop.
SELinux: Varnish + reading symlinks in /etc/varnish
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module varnishlnkfile 1.0.0; | |
| # The changes linked below did not trigger a version bump so on some systems reading usr_t in .vcl's is restricted | |
| # http://j.mp/selinux-varnish-symlinks | |
| # @gist https://gist.github.com/Zamber/7d82850abf3a17fdd401 | |
| require { | |
| type usr_t; | |
| type varnishd_t; | |
| type varnishd_etc_t; | |
| class process sigkill; | |
| class file { read open getattr }; | |
| class lnk_file { read getattr }; | |
| }; | |
| allow varnishd_t self:process sigkill; | |
| allow varnishd_t usr_t:file { read open getattr }; | |
| allow varnishd_t varnishd_etc_t:lnk_file { read getattr }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment