File passenger-selinux.te of Package passenger

# Declares the loadable policy module "passenger-fixes", version 1.0.
# policy_module and gen_require are macros that are not defined in this file;
# presumably they come from the reference-policy development support files, so
# the module has to be built with those available.
policy_module(passenger-fixes, 1.0)

# External symbols the rules below depend on. Every type listed here is only
# referenced by this module, not declared by it, so the module that owns each
# type must already be installed on the target system.
# NOTE(review): the rules below also use class filesystem (getattr) and class
# cap_userns (sys_ptrace), neither of which is listed in this block. Presumably
# policy_module requires all kernel classes implicitly, which would also make
# the four class lines here redundant -- confirm against the policy version the
# package is built with, then either list every class used or none.
gen_require(`
    type var_log_t;
    type passenger_tmp_t;
    type passenger_t;
    type httpd_t;
    type tmpfs_t;
    class sock_file write;
    class file { ioctl open getattr append };
    class fifo_file { append create open read setattr getattr unlink write ioctl };
    class capability dac_override;
')

#============= httpd_t ==============
# Lets the httpd_t domain write to socket files labelled passenger_tmp_t.
# Only the write permission on the sock_file object is granted here; nothing in
# this module grants httpd_t access to the socket endpoint itself.
# NOTE(review): presumably this is the web server talking to the Passenger
# helper over a UNIX socket in its temp directory -- confirm against the AVC
# denial that motivated the rule.
allow httpd_t passenger_tmp_t:sock_file write;

#============= passenger_t ==============
# Extra permissions for the passenger_t domain. Each rule widens what a
# compromised Passenger process could do, so each one should be traceable to a
# concrete AVC denial.

# Append-only style access (no write, create or unlink) to existing files
# labelled var_log_t.
# NOTE(review): var_log_t is normally the generic log label, so this covers
# every file carrying it, not just Passenger logs. A dedicated log type plus a
# file-context entry would scope this more tightly -- check which path was
# actually denied.
allow passenger_t var_log_t:file { ioctl open getattr append };

# Query attributes of a filesystem labelled tmpfs_t.
allow passenger_t tmpfs_t:filesystem getattr;

# Create, use and remove named pipes labelled passenger_tmp_t.
allow passenger_t passenger_tmp_t:fifo_file { append create open read setattr getattr unlink write ioctl };

# Grants the dac_override capability: the process may bypass ordinary file
# owner/mode permission checks.
# NOTE(review): this denial usually means a privileged process touched a file
# whose owner or mode does not admit it. Fixing the ownership or mode of that
# file is the narrower remedy -- verify which path triggered it before keeping
# the capability.
allow passenger_t self:capability dac_override;

# Grants sys_ptrace in the cap_userns class, i.e. the capability as checked for
# a non-initial user namespace.
# NOTE(review): often triggered by a process inspecting other processes under
# /proc rather than by real tracing -- confirm the source and whether the
# denial could be left denied instead.
allow passenger_t self:cap_userns sys_ptrace;

# The three calls below are interface macros defined outside this file; what
# they grant is inferred from their names only and should be checked against
# the interface definitions of the policy this module is built with.

# Presumably allows outbound TCP connections to any port labelled as
# unreserved. NOTE(review): if the backends Passenger connects to are known, an
# interface for the specific port type would be narrower.
corenet_tcp_connect_unreserved_ports(passenger_t)

# Presumably allows creating, renaming and deleting directories in sysfs.
# NOTE(review): an application server would normally only need to read sysfs --
# confirm whether a read-only interface satisfies the denial.
dev_manage_sysfs_dirs(passenger_t)

# Presumably allows reading and writing stream sockets owned by init.
init_rw_stream_sockets(passenger_t)