uWSGI server for Python web applications

######################################## ##

## Connect to uwsgi using a unix ## domain stream socket. ##

## ##

## Domain allowed access. ##

## # interface(`uwsgi_stream_connect',` gen_require(` type uwsgi_t, uwsgi_run_t; ') files_search_pids($1) list_dirs_pattern($1, uwsgi_run_t, uwsgi_run_t) stream_connect_pattern($1, uwsgi_run_t, uwsgi_run_t, uwsgi_t) ') ######################################## ##

## Manage uwsgi content. ##

## ##

## Domain allowed access. ##

## # interface(`uwsgi_manage_content',` gen_require(` type uwsgi_content_t; ') files_search_pids($1) manage_dirs_pattern($1, uwsgi_content_t, uwsgi_content_t) manage_files_pattern($1, uwsgi_content_t, uwsgi_content_t) manage_lnk_files_pattern($1, uwsgi_content_t, uwsgi_content_t) manage_files_pattern($1, uwsgi_content_exec_t, uwsgi_content_exec_t) manage_lnk_files_pattern($1, uwsgi_content_exec_t, uwsgi_content_exec_t) optional_policy(` apache_manage_sys_content($1) ') ') ######################################## ##

## Execute uwsgi in the uwsgi domain. ##

## ##

## Domain allowed to transition. ##

## # interface(`uwsgi_domtrans',` gen_require(` type uwsgi_t, uwsgi_exec_t, uwsgi_content_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, uwsgi_exec_t, uwsgi_t) domtrans_pattern($1, uwsgi_content_exec_t, uwsgi_t) ') ######################################## ##

## Execute uwsgi in the callers domain. ##

## ##

## Domain allowed access. ##

## # interface(`uwsgi_content_exec',` gen_require(` type uwsgi_t, uwsgi_exec_t, uwsgi_content_exec_t; ') corecmd_search_bin($1) can_exec($1, uwsgi_content_exec_t) ') ######################################## ##

## All of the rules required to ## administrate a uWSGI environment. ##

## ##

## Domain allowed access. ##

## ## ##

## Role allowed access. ##

## ## # interface(`uwsgi_admin',` gen_require(` type uwsgi_t, uwsgi_exec_t, uwsgi_conf_t; type uwsgi_run_t, uwsgi_var_log_t, uwsgi_tmp_t; type uwsgi_content_t, uwsgi_content_exec_t; ') allow $1 uwsgi_t:process { ptrace signal_perms }; ps_process_pattern($1, uwsgi_t) files_search_etc($1) admin_pattern($1, { uwsgi_conf_t uwsgi_exec_t }) files_search_var($1) admin_pattern($1, { uwsgi_content_t uwsgi_content_exec_t }) logging_search_logs($1) admin_pattern($1, { uwsgi_var_log_t }) files_search_pids($1) admin_pattern($1, uwsgi_run_t) files_search_tmp($1) admin_pattern($1, uwsgi_tmp_t) corecmd_search_bin($1) domtrans_pattern($1, uwsgi_exec_t, uwsgi_t) can_exec($1, uwsgi_content_exec_t) optional_policy(` apache_manage_sys_content($1) ') ')