# Last Modified: Wed Jan 18 10:48:17 2012
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

# AppArmor policy for the lighttpd web server. A nested child profile at the
# end confines the PHP CGI interpreter that the server launches.
#
# Glob reminder: '*' stays inside one directory level, '**' crosses levels,
# and only a rule that ends in '/' matches a directory itself.
/usr/sbin/lighttpd {
  # Rule sets shipped with the distribution; their contents are not visible
  # in this file.
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
  #include <abstractions/perl>
  #include <abstractions/php5>
  #include <abstractions/web-data>

  # --- Capabilities -------------------------------------------------------
  # net_bind_service: bind to ports below 1024.
  capability net_bind_service,
  # setuid / setgid: change user and group identity
  # (presumably to drop root after start-up; confirm against the config).
  capability setgid,
  capability setuid,
  # sys_chroot: call chroot(2).
  capability sys_chroot,
  # sys_resource: exceed resource limits.
  capability sys_resource,
  # dac_override: bypass ordinary file permission checks. With this granted,
  # the path rules below are the only file access control left for a root
  # process in this profile.
  # NOTE(review): confirm it is still required.
  capability dac_override,

  # --- Executables --------------------------------------------------------
  # 'ix' keeps the child in THIS profile, so each program below can reach
  # every path listed here, the TLS key material included.
  # NOTE(review): the shells and cat are only needed if a handler or script
  # actually invokes them; confirm, and drop the ones that are unused.
  /usr/sbin/lighttpd mix,
  /bin/bash mix,
  /bin/cat mix,
  /bin/zsh mix,
  # 'Cx' switches to the child profile defined at the bottom of this block
  # and scrubs the environment on exec.
  /usr/bin/php-cgi Cx,

  # Server plug-in modules, mapped executable.
  /usr/lib/lighttpd/*.so mr,
  /usr/lib64/lighttpd/*.so mr,

  # --- Configuration (read-only) ------------------------------------------
  # NOTE(review): the two rules without a trailing '/' match a file of that
  # name, not the directory; if directory listing was intended they need the
  # slash, as /etc/php/conf.d/ has.
  /etc/lighttpd r,
  /etc/lighttpd/vhosts.d r,
  /etc/lighttpd/*.conf r,
  /etc/lighttpd/conf.d/*.conf r,
  /etc/lighttpd/vhosts.d/* r,
  /etc/lighttpd/auth.d/* r,
  /etc/php/conf.d/ r,
  /etc/php/php.ini r,

  # --- TLS key material ---------------------------------------------------
  # Readable by everything that runs under this profile. The child profile
  # below carries no explicit rule for this directory.
  /etc/ssl/private/*.pem r,

  # --- Served content (read-only) -----------------------------------------
  /srv/http/ r,
  /srv/http/** r,

  # --- Runtime state, caches and logs -------------------------------------
  /run/lighttpd/* w,
  /{,var/}run/lighttpd.pid rwl,
  /var/cache/lighttpd/ r,
  /var/cache/lighttpd/** rwl,
  /var/lib/lighttpd/ r,
  /var/lib/lighttpd/** rwl,
  /var/log/lighttpd/*.log rw,
  # Top level of /tmp only; nested directories are not covered.
  /tmp/* rw,

  # Child profile entered through the 'Cx' rule above.
  profile /usr/bin/php-cgi {
    #include <abstractions/base>

    # The interpreter binary and the shared libraries it maps.
    /usr/bin/php-cgi r,
    /lib/lib*so* mr,
    # The /usr/lib{,32,64}/** rule already covers /usr/lib/lib*so*.
    /usr/lib/lib*so* mr,
    /usr/lib{,32,64}/** mr,

    # Configuration.
    # '/etc/*' covers every file directly in /etc (account and host
    # configuration included) but no subdirectory; ordinary file ownership
    # and mode still apply on top.
    # NOTE(review): consider narrowing this to the files php-cgi really reads.
    /etc/* r,
    /etc/php/** r,

    # Site content is read-only for the interpreter; the only writable
    # location in this child profile is the top level of /tmp ('k' adds
    # file locking).
    /srv/http/ r,
    /srv/http/** r,
    /tmp/* rwk,
  }
}