Eric Lippmann
GitHub
commit
57c52cadfa
|
|
@ -1,5 +1,9 @@
|
|||
# Exclude files related to git when generating an archive
|
||||
test/ export-ignore
|
||||
.git* export-ignore
|
||||
CONTRIBUTING.md export-ignore
|
||||
icingaweb2-ruleset.xml export-ignore
|
||||
phpcs.xml export-ignore
|
||||
RELEASE.md export-ignore
|
||||
|
||||
# Include version information on `git archive'
|
||||
/application/VERSION export-subst
|
||||
|
|
|
|||
|
|
@ -183,7 +183,7 @@ CREATE DATABASE icingaweb2;
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'icingaweb2';
|
||||
quit
|
||||
|
||||
mysql -p icingaweb2 < /usr/share/doc/icingaweb2/schema/mysql.schema.sql
|
||||
mysql -p icingaweb2 < /usr/share/icingaweb2/schema/mysql.schema.sql
|
||||
```
|
||||
|
||||
|
||||
|
|
@ -318,7 +318,7 @@ and all the other steps described above first.
|
|||
1. Install PHP dependencies: `php`, `php-intl`, `php-imagick`, `php-gd`, `php-mysql`, `php-curl`, `php-mbstring` used
|
||||
by Icinga Web 2.
|
||||
2. Create a database for Icinga Web 2, i.e. `icingaweb2`.
|
||||
3. Import the database schema: `mysql -D icingaweb2 < /usr/share/icingaweb2/etc/schema/mysql.schema.sql`.
|
||||
3. Import the database schema: `mysql -D icingaweb2 < /usr/share/icingaweb2/schema/mysql.schema.sql`.
|
||||
4. Insert administrator user in the `icingaweb2` database:
|
||||
`INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('admin', 1, '<hash>')`, where `<hash>` is the output
|
||||
of `php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);'`.
|
||||
|
|
|
|||
|
|
@ -13,8 +13,9 @@ v2.6 to v2.8 requires to follow the instructions for v2.7 too.
|
|||
**Database Schema**
|
||||
|
||||
* Please apply the `v2.11.0.sql` upgrade script depending on your database vendor.
|
||||
In package installations this file can be found in `/usr/share/doc/icingaweb2/schema/*-upgrades/`
|
||||
(Debian/Ubuntu: `/usr/share/icingaweb2/etc/schema/*-upgrades/`).
|
||||
As of version `2.11.4`, upgrade scripts can be found at `/usr/share/icingaweb2/schema/*-upgrades/`.
|
||||
Older versions install these files to `/usr/share/doc/icingaweb2/schema/*-upgrades/` for RPM-based systems
|
||||
and `/usr/share/icingaweb2/etc/schema/*-upgrades/` for Debian or Ubuntu.
|
||||
|
||||
**Breaking changes**
|
||||
|
||||
|
|
|
|||
|
|
@ -13,65 +13,13 @@ For a simplified (and funny) introduction download the [SELinux Coloring Book](h
|
|||
|
||||
## Policy <a id="selinux-policy"></a>
|
||||
|
||||
Icinga Web 2 is providing its own SELinux policy for Red Hat Enterprise Linux 7 and its derivates running the targeted
|
||||
policy which confines Icinga Web 2 with support for all its modules. All other distributions will require some tweaks.
|
||||
It is not upstreamed to the reference policies yet.
|
||||
Icinga Web 2 is providing its own SELinux policy for RPM-based systems running the targeted policy
|
||||
which confines Icinga Web 2 with support for all its modules.
|
||||
|
||||
The policy for Icinga Web 2 will also require the policy for Icinga 2 which provides access to its interfaces.
|
||||
It covers only the scenario running Icinga Web 2 in Apache HTTP Server with mod_php.
|
||||
|
||||
## Installation <a id="selinux-policy-installation"></a>
|
||||
|
||||
There are two ways to install the SELinux Policy for Icinga Web 2 on Enterprise Linux 7.
|
||||
Either install it from the provided package which is the preferred option or intall the policy manually, if you need
|
||||
fixes which are not yet released.
|
||||
|
||||
Verify that the system runs in enforcing mode.
|
||||
|
||||
sestatus
|
||||
# SELinux status: enabled
|
||||
# SELinuxfs mount: /sys/fs/selinux
|
||||
# SELinux root directory: /etc/selinux
|
||||
# Loaded policy name: targeted
|
||||
# Current mode: enforcing
|
||||
# Mode from config file: enforcing
|
||||
# Policy MLS status: enabled
|
||||
# Policy deny_unknown status: allowed
|
||||
# Max kernel policy version: 28
|
||||
|
||||
If problems occur, you can set icinga2 or httpd to run to run its domain in permissive mode.
|
||||
You can change the configured mode by editing `/etc/selinux/config` and the current mode by executing `setenforce 0`.
|
||||
|
||||
### Package installation <a id="selinux-policy-installation-package"></a>
|
||||
|
||||
Simply add the `selinux` subpackage to your installation.
|
||||
|
||||
yum install icingaweb2-selinux
|
||||
|
||||
### Manual installation <a id="selinux-policy-installation-manual"></a>
|
||||
|
||||
This section describes the manual installation to support development and testing.
|
||||
|
||||
As a prerequisite install the `git`, `selinux-policy-devel` and `audit` package. Enable and start the audit daemon
|
||||
afterwards.
|
||||
|
||||
yum install git selinux-policy-devel audit
|
||||
systemctl enable auditd.service
|
||||
systemctl start auditd.service
|
||||
|
||||
To create and install the policy package run the installation script from the Icinga Web 2 source which also labels the
|
||||
resources.
|
||||
|
||||
cd packages/selinux/
|
||||
./icingaweb2.sh
|
||||
|
||||
Verify that Apache runs in its own domain `httpd_t` and the Icinga Web 2 configuration has its own context
|
||||
`icingaweb2_config_t`.
|
||||
|
||||
ps -eZ | grep http
|
||||
# system_u:system_r:httpd_t:s0 9785 ? 00:00:00 httpd
|
||||
ls -ldZ /etc/icingaweb2/
|
||||
# drwxrws---. root icingaweb2 system_u:object_r:icingaweb2_config_t:s0 /etc/icingaweb2/
|
||||
Use your distribution's package manager to install the `icingaweb2-selinux` package.
|
||||
|
||||
## General <a id="selinux-policy-general"></a>
|
||||
|
||||
|
|
|
|||
|
|
@ -445,7 +445,7 @@ class WebWizard extends Wizard implements SetupWizard
|
|||
? $pageData['setup_auth_db_creation']['password']
|
||||
: null,
|
||||
'schemaPath' => Config::module('setup')
|
||||
->get('schema', 'path', Icinga::app()->getBaseDir('etc' . DIRECTORY_SEPARATOR . 'schema'))
|
||||
->get('schema', 'path', Icinga::app()->getBaseDir('schema'))
|
||||
))
|
||||
);
|
||||
} elseif (isset($pageData['setup_config_db_resource'])
|
||||
|
|
@ -466,7 +466,7 @@ class WebWizard extends Wizard implements SetupWizard
|
|||
? $pageData['setup_config_db_creation']['password']
|
||||
: null,
|
||||
'schemaPath' => Config::module('setup')
|
||||
->get('schema', 'path', Icinga::app()->getBaseDir('etc' . DIRECTORY_SEPARATOR . 'schema'))
|
||||
->get('schema', 'path', Icinga::app()->getBaseDir('schema'))
|
||||
))
|
||||
);
|
||||
}
|
||||
|
|
|
|||
110
packages/RPM.md
110
packages/RPM.md
|
|
@ -1,110 +0,0 @@
|
|||
# Icinga Web 2 README for RPM Packages
|
||||
|
||||
This file will describe how to install Icinga Web 2 from an RPM
|
||||
package (RHEL/CentOS/Fedora, SLES/OpenSUSE).
|
||||
|
||||
## Requirements
|
||||
|
||||
* EPEL/OBS Repository for Zend Framework
|
||||
* Apache 2.2+
|
||||
* PHP 5.3+, Zend Framework, PHP PDO MySQL/PostgreSQL, PHP LDAP (optional)
|
||||
* MySQL or PostgreSQL for internal DB
|
||||
* Icinga 1.x or 2.x providing an IDO database (default: `icinga`)
|
||||
* Icinga 1.x or 2.x providing an external command pipe (default: `icinga2.cmd`)
|
||||
|
||||
### SELinux
|
||||
|
||||
Disabled SELinux for sending commands via external command pipe
|
||||
provided by Icinga (2) Core.
|
||||
|
||||
setenforce 0
|
||||
|
||||
## Webserver Configuration
|
||||
|
||||
Can be generated using the following local icingacli command:
|
||||
|
||||
/usr/share/icingaweb2/bin/icingacli setup config webserver apache
|
||||
|
||||
Pipe the output into `/etc/httpd/conf.d/icingaweb2.conf` or similar,
|
||||
if not already existing.
|
||||
|
||||
## Setup Wizard
|
||||
|
||||
Navigate to `/icingaweb/setup` and follow the on-screen instructions.
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
Please use one of the listed support channels at https://support.icinga.com
|
||||
|
||||
|
||||
## Manual Setup
|
||||
|
||||
### Internal DB Setup
|
||||
|
||||
Decide whether to use MySQL or PostgreSQL.
|
||||
|
||||
#### MySQL
|
||||
|
||||
mysql -u root -p
|
||||
CREATE USER `icingaweb`@`localhost` IDENTIFIED BY 'icingaweb';
|
||||
CREATE DATABASE `icingaweb`;
|
||||
GRANT ALL PRIVILEGES ON `icingaweb`.* TO `icingaweb`@`localhost`;
|
||||
FLUSH PRIVILEGES;
|
||||
quit
|
||||
|
||||
mysql -u root -p icingaweb < /usr/share/doc/icingaweb2*/schema/mysql.schema..sql
|
||||
|
||||
#### PostgreSQL
|
||||
|
||||
sudo su postgres
|
||||
psql
|
||||
postgres=# CREATE USER icingaweb WITH PASSWORD 'icingaweb';
|
||||
postgres=# CREATE DATABASE icingaweb;
|
||||
postgres=# \q
|
||||
|
||||
Add the `icingaweb` user for trusted authentication to your `pg_hba.conf` file
|
||||
in `/var/lib/pgsql/data/pg_hba.conf` and restart the PostgreSQL server.
|
||||
|
||||
local icingaweb icingaweb trust
|
||||
host icingaweb icingaweb 127.0.0.1/32 trust
|
||||
host icingaweb icingaweb ::1/128 trust
|
||||
|
||||
Now install the `icingaweb` schema
|
||||
|
||||
bash$ psql -U icingaweb -a -f /usr/share/doc/icingaweb2*/schema/pgsql.schema.sql
|
||||
|
||||
|
||||
### Configuration
|
||||
|
||||
#### Module Configuration
|
||||
|
||||
The monitoring module is enabled by default.
|
||||
|
||||
#### Backend configuration
|
||||
|
||||
`/etc/icingaweb2/resources.ini` contains the database backend information.
|
||||
By default the Icinga 2 DB IDO is used by the monitoring module in
|
||||
`/etc/icingaweb2/modules/monitoring/backends.ini`
|
||||
|
||||
The external command pipe is required for sending commands
|
||||
and configured for Icinga 2 in
|
||||
`/etc/icingaweb2/modules/monitoring/commandtransports.ini`
|
||||
|
||||
#### Authentication configuration
|
||||
|
||||
The `/etc/icingaweb2/authentication.ini` file uses the internal database as
|
||||
default. This requires the database being installed properly before
|
||||
allowing users to login via web console.
|
||||
|
||||
#### Default User
|
||||
|
||||
When not using the default setup wizard, you can generate a secure password hash with openssl
|
||||
and insert that manually like so:
|
||||
|
||||
openssl passwd -1 "yoursecurepassword"
|
||||
|
||||
mysql -uicingaweb -p icingaweb
|
||||
|
||||
mysql> INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$yoursecurepassword_hash');
|
||||
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
Alias /icingaweb2 "/usr/share/icingaweb2/public"
|
||||
|
||||
# Remove comments if you want to use PHP FPM and your Apache version is older than 2.4
|
||||
#<IfVersion < 2.4>
|
||||
# # Forward PHP requests to FPM
|
||||
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
# <LocationMatch "^{urlPath}/(.*\.php)$">
|
||||
# ProxyPassMatch "fcgi://127.0.0.1:9000/{documentRoot}/$1"
|
||||
# </LocationMatch>
|
||||
#</IfVersion>
|
||||
|
||||
<Directory "/usr/share/icingaweb2/public">
|
||||
Options SymLinksIfOwnerMatch
|
||||
AllowOverride None
|
||||
|
||||
DirectoryIndex index.php
|
||||
|
||||
<IfModule mod_authz_core.c>
|
||||
# Apache 2.4
|
||||
<RequireAll>
|
||||
Require all granted
|
||||
</RequireAll>
|
||||
</IfModule>
|
||||
|
||||
<IfModule !mod_authz_core.c>
|
||||
# Apache 2.2
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
|
||||
SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2"
|
||||
|
||||
EnableSendfile Off
|
||||
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine on
|
||||
RewriteBase /icingaweb2/
|
||||
RewriteCond %{REQUEST_FILENAME} -s [OR]
|
||||
RewriteCond %{REQUEST_FILENAME} -l [OR]
|
||||
RewriteCond %{REQUEST_FILENAME} -d
|
||||
RewriteRule ^.*$ - [NC,L]
|
||||
RewriteRule ^.*$ index.php [NC,L]
|
||||
</IfModule>
|
||||
|
||||
<IfModule !mod_rewrite.c>
|
||||
DirectoryIndex error_norewrite.html
|
||||
ErrorDocument 404 /icingaweb2/error_norewrite.html
|
||||
</IfModule>
|
||||
|
||||
# Remove comments if you want to use PHP FPM and your Apache version
|
||||
# is greater than or equal to 2.4
|
||||
# <IfVersion >= 2.4>
|
||||
# # Forward PHP requests to FPM
|
||||
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
# <FilesMatch "\.php$">
|
||||
# SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
# ErrorDocument 503 {urlPath}/error_unavailable.html
|
||||
# </FilesMatch>
|
||||
# </IfVersion>
|
||||
</Directory>
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
Alias /icingaweb2 "/usr/share/icingaweb2/public"
|
||||
|
||||
<IfVersion < 2.4>
|
||||
# Forward PHP requests to FPM
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
<LocationMatch "^/icingaweb2/(.*\.php)$">
|
||||
ProxyPassMatch "fcgi://127.0.0.1:9000/usr/share/icingaweb2/public/$1"
|
||||
</LocationMatch>
|
||||
</IfVersion>
|
||||
|
||||
<Directory "/usr/share/icingaweb2/public">
|
||||
Options SymLinksIfOwnerMatch
|
||||
AllowOverride None
|
||||
|
||||
DirectoryIndex index.php
|
||||
|
||||
<IfModule mod_authz_core.c>
|
||||
# Apache 2.4
|
||||
<RequireAll>
|
||||
Require all granted
|
||||
</RequireAll>
|
||||
</IfModule>
|
||||
|
||||
<IfModule !mod_authz_core.c>
|
||||
# Apache 2.2
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
|
||||
SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2"
|
||||
|
||||
EnableSendfile Off
|
||||
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine on
|
||||
RewriteBase /icingaweb2/
|
||||
RewriteCond %{REQUEST_FILENAME} -s [OR]
|
||||
RewriteCond %{REQUEST_FILENAME} -l [OR]
|
||||
RewriteCond %{REQUEST_FILENAME} -d
|
||||
RewriteRule ^.*$ - [NC,L]
|
||||
RewriteRule ^.*$ index.php [NC,L]
|
||||
</IfModule>
|
||||
|
||||
<IfModule !mod_rewrite.c>
|
||||
DirectoryIndex error_norewrite.html
|
||||
ErrorDocument 404 /icingaweb2/error_norewrite.html
|
||||
</IfModule>
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
# Forward PHP requests to FPM
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
ErrorDocument 503 /icingaweb2/error_unavailable.html
|
||||
</FilesMatch>
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
#!/usr/bin/php
|
||||
<?php
|
||||
/*! Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
||||
|
||||
require_once '/usr/share/php/Icinga/Application/Cli.php';
|
||||
|
||||
Icinga\Application\Cli::start('/usr/share/icingaweb2')->dispatch();
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[documentation]
|
||||
icingaweb2 = /usr/share/doc/icingaweb2/markdown
|
||||
modules = /usr/share/doc/icingaweb2/modules/{module}/markdown
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
[schema]
|
||||
path = /usr/share/doc/icingaweb2/schema
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[translation]
|
||||
msgmerge = /usr/bin/msgmerge
|
||||
xgettext = /usr/bin/xgettext
|
||||
msgfmt = /usr/bin/msgfmt
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
<?php
|
||||
/*! Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
|
||||
|
||||
require_once '/usr/share/php/Icinga/Application/webrouter.php';
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
/etc/icingaweb2(/.*)? gen_context(system_u:object_r:icingaweb2_config_t,s0)
|
||||
|
||||
/usr/share/icingaweb2(/.*)? gen_context(system_u:object_r:icingaweb2_content_t,s0)
|
||||
|
||||
/var/log/icingaweb2(/.*)? gen_context(system_u:object_r:icingaweb2_rw_content_t,s0)
|
||||
/var/cache/icingaweb2(/.*)? gen_context(system_u:object_r:icingaweb2_rw_content_t,s0)
|
||||
/var/lib/icingaweb2(/.*)? gen_context(system_u:object_r:icingaweb2_rw_content_t,s0)
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
########################################
|
||||
## <summary>
|
||||
## Allow the specified domain to read
|
||||
## icingaweb2 configuration files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`icingaweb2_read_config',`
|
||||
gen_require(`
|
||||
type icingaweb2_config_t;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
list_dirs_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
read_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
read_lnk_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow the specified domain to read
|
||||
## and write icingaweb2 configuration files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`icingaweb2_manage_config',`
|
||||
gen_require(`
|
||||
type icingaweb2_config_t;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
manage_dirs_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
manage_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
manage_lnk_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t)
|
||||
')
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
DIRNAME=`dirname $0`
|
||||
cd $DIRNAME
|
||||
USAGE="$0 [ --update ]"
|
||||
if [ `id -u` != 0 ]; then
|
||||
echo 'You must be root to run this script'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $# -eq 1 ]; then
|
||||
if [ "$1" = "--update" ] ; then
|
||||
time=`ls -l --time-style="+%x %X" icingaweb2.te | awk '{ printf "%s %s", $6, $7 }'`
|
||||
rules=`ausearch --start $time -m avc --raw -se icinga2`
|
||||
if [ x"$rules" != "x" ] ; then
|
||||
echo "Found avc's to update policy with"
|
||||
echo -e "$rules" | audit2allow -R
|
||||
echo "Do you want these changes added to policy [y/n]?"
|
||||
read ANS
|
||||
if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
|
||||
echo "Updating policy"
|
||||
echo -e "$rules" | audit2allow -R >> icingaweb2.te
|
||||
# Fall though and rebuild policy
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
else
|
||||
echo "No new avcs found"
|
||||
exit 0
|
||||
fi
|
||||
else
|
||||
echo -e $USAGE
|
||||
exit 1
|
||||
fi
|
||||
elif [ $# -ge 2 ] ; then
|
||||
echo -e $USAGE
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Building and Loading Policy"
|
||||
set -x
|
||||
make -f /usr/share/selinux/devel/Makefile icingaweb2.pp || exit
|
||||
/usr/sbin/semodule -i icingaweb2.pp
|
||||
|
||||
# Generate a man page off the installed module
|
||||
#sepolicy manpage -p . -d icingaweb2_t
|
||||
# Fixing the file context on /etc/icingaweb2
|
||||
/sbin/restorecon -F -R -v /etc/icingaweb2
|
||||
# Fixing the file context on /var/log/icingaweb2
|
||||
/sbin/restorecon -F -R -v /var/log/icingaweb2
|
||||
# Fixing the file context on /usr/share/icingaweb2
|
||||
/sbin/restorecon -F -R -v /usr/share/icingaweb2
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
policy_module(icingaweb2, 0.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
require {
|
||||
type httpd_t;
|
||||
}
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow Apache to manage icingaweb2 configuration
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(httpd_can_manage_icingaweb2_config, true)
|
||||
|
||||
type icingaweb2_config_t;
|
||||
files_config_file(icingaweb2_config_t)
|
||||
|
||||
optional_policy(`
|
||||
apache_content_template(icingaweb2)
|
||||
icingaweb2_read_config(httpd_t)
|
||||
tunable_policy(`httpd_can_manage_icingaweb2_config',`
|
||||
icingaweb2_manage_config(httpd_t)
|
||||
')
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue