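# Local SELinux policy module for fail2ban.
#
# Grants the fail2ban daemon domain (fail2ban_t) read-only access to content
# labelled httpd_sys_rw_content_t and to syslogd_var_run_t, and grants the
# fail2ban-client domain (fail2ban_client_t) getattr on that web content.
#
# NOTE(review): httpd_sys_rw_content_t covers all web-writable content, not
# only logs. If fail2ban only needs application log files, labelling those
# files with a dedicated log type would keep this grant narrower -- confirm
# against the jail configuration.
module fail2ban-allowhttpd 1.1;

require {
    type httpd_sys_rw_content_t;
    type fail2ban_t;
    type syslogd_var_run_t;
    type fail2ban_client_t;
    class capability dac_override;
    class dir { read getattr search ioctl };
    # `search` is a dir-class permission and is not defined for class file,
    # so it is not requested here.
    class file { getattr read open ioctl };
}

#============= fail2ban_client_t ==============
# The client only needs to stat the web-content files.
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;

# NOTE(review): dac_override lets the client bypass all Unix permission checks
# (read, write and execute) on any file its SELinux domain can reach. A denial
# for this capability usually means the file's owner/mode excludes root;
# fixing ownership or mode on the target files is the narrower remedy.
# Confirm this rule is still required before shipping it.
allow fail2ban_client_t self:capability dac_override;

#============= fail2ban_t ==============
# Read-only traversal and reading of web content; no write, create or unlink
# permission is granted.
allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl };
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open ioctl };

# Listing and reading of syslogd runtime state. Only `read` is granted on the
# directory (no `search`), as in the original rule.
allow fail2ban_t syslogd_var_run_t:dir read;
allow fail2ban_t syslogd_var_run_t:file { read getattr open };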