
cybernet2u PHP-FPM SELinux module policy

Created by cybernet2u
# Local SELinux policy module that widens what the httpd_t domain may do:
# write into user web content and generic home-directory files, modify
# .htaccess files, connect to the MySQL port type, and use ptrace.
# Every rule has httpd_t as its source, so the grants apply to any process
# running in that domain, not only to PHP-FPM (typically the web server
# itself as well -- confirm with `ps -eZ` on the target host).
# NOTE(review): the rule set looks like unedited audit2allow output; each
# grant should be checked against what the application actually needs.
module php-fpm 1.1;

# Types, classes and permissions that must already exist in the loaded
# policy for this module to link.
# NOTE(review): `setrlimit` is required here but no rule below uses it.
require {
		type httpd_t;
		type user_home_t;
		type httpd_user_content_t;
		type httpd_user_htaccess_t;
		type mysqld_port_t;
		class dir { add_name create remove_name write };
		class file { create rename setattr unlink write };
		class tcp_socket name_connect;
		class process { ptrace setrlimit };
		class capability sys_ptrace;
}

#============= httpd_t ==============

# Create, rename and modify files and directories labelled as user web
# content. Content the web domain can write is content a compromised
# application can replace, including scripts that are later executed.
# NOTE(review): consider labelling only the upload/cache directories with a
# read-write content type (e.g. httpd_user_rw_content_t) instead of making
# all user content writable.
allow httpd_t httpd_user_content_t:dir { add_name create remove_name write };
allow httpd_t httpd_user_content_t:file { create rename setattr write };

# Outbound TCP connections to ports labelled mysqld_port_t.
# NOTE(review): the stock boolean httpd_can_network_connect_db normally
# covers this without a custom rule -- verify on the target distribution.
allow httpd_t mysqld_port_t:tcp_socket name_connect;

# Create, overwrite and delete files carrying the generic home-directory
# label. user_home_t is not web-specific, so this reaches any file in a home
# directory that kept the default label (DAC permissions still apply).
# NOTE(review): relabelling the web root with `semanage fcontext` and
# `restorecon` is the narrower fix than granting access to user_home_t.
allow httpd_t user_home_t:dir { add_name remove_name };
allow httpd_t user_home_t:file { create unlink write };

# Modify .htaccess files and their attributes.
# NOTE(review): these files configure the web server per directory, so a
# writable .htaccess lets the web application change the server's own
# access rules -- confirm this is intended.
allow httpd_t httpd_user_htaccess_t:file { setattr write };

# ptrace: the sys_ptrace capability plus tracing of processes in the same
# domain. With both, one httpd_t process can inspect another's memory.
# NOTE(review): a web workload rarely needs this; if the denials came from a
# status or monitoring helper and nothing breaks without the access, a
# dontaudit rule (or leaving the denial in place) is the safer choice.
allow httpd_t self:capability sys_ptrace;
allow httpd_t self:process ptrace;
