commit: f91a762a20650fa883a012334c573079cffa14e8
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri Mar 11 17:37:28 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Mar 11 17:37:28 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f91a762a
uwsgi: allow reading net sysctls and ldconfig for python apps
policy/modules/contrib/uwsgi.te | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/uwsgi.te b/policy/modules/contrib/uwsgi.te
index 02b29e8..2ba18a0 100644
--- a/policy/modules/contrib/uwsgi.te
+++ b/policy/modules/contrib/uwsgi.te
@@ -71,11 +71,14 @@ corecmd_exec_bin(uwsgi_t)
corecmd_exec_shell(uwsgi_t)
kernel_read_system_state(uwsgi_t)
+kernel_read_net_sysctls(uwsgi_t)
+
+libs_exec_ldconfig(uwsgi_t)
miscfiles_read_localization(uwsgi_t)
optional_policy(`
- apache_search_sys_content(uwsgi_t)
+ apache_read_all_content(uwsgi_t)
apache_manage_all_rw_content(uwsgi_t)
')
