2005-04-29 17:45:15 +00:00
|
|
|
define(`can_kerberos',`
|
|
|
|
ifdef(`kerberos.te',`
|
|
|
|
if (allow_kerberos) {
|
|
|
|
can_network_client($1, `kerberos_port_t')
|
2005-09-16 19:36:10 +00:00
|
|
|
allow $1 kerberos_port_t:tcp_socket name_connect;
|
2005-04-29 17:45:15 +00:00
|
|
|
can_resolve($1)
|
|
|
|
}
|
|
|
|
') dnl kerberos.te
|
|
|
|
dontaudit $1 krb5_conf_t:file write;
|
|
|
|
allow $1 krb5_conf_t:file { getattr read };
|
|
|
|
')
|