# Policy module for sssd (System Security Services Daemon); module version 1.1.0.
# Declares the daemon's types and the local rules granted to the sssd_t domain.
policy_module(sssd, 1.1.0)
########################################
#
# Declarations
#
# Process domain the sssd daemon runs in; every rule below is granted to it.
type sssd_t;
# Label for the sssd executable; the entrypoint into sssd_t (which file gets it comes from sssd.fc, not shown here).
type sssd_exec_t;
# Make sssd_t a daemon domain: init transitions into sssd_t when it executes a sssd_exec_t file.
init_daemon_domain(sssd_t, sssd_exec_t)
# Label for the sssd init script.
type sssd_initrc_exec_t;
# Declare sssd_initrc_exec_t as an init script type so the init system may run it.
init_script_file(sssd_initrc_exec_t)
# Runtime data type distinct from sssd_var_run_t; the name suggests data exposed to
# client processes — NOTE(review): the labeled paths live in sssd.fc, confirm there.
type sssd_public_t;
# Treat sssd_public_t as a runtime (pid) file type located under the pid directory.
files_pid_file(sssd_public_t)
# Type for sssd's persistent state under /var/lib (see files_var_lib_filetrans below).
type sssd_var_lib_t;
# Declare sssd_var_lib_t as an ordinary file type (file_type attribute).
files_type(sssd_var_lib_t)
# Type for sssd log files.
type sssd_var_log_t;
# Declare sssd_var_log_t as a log file type so generic log handling (rotation, reading) applies.
logging_log_file(sssd_var_log_t)
# Type for sssd's own runtime files under the pid directory.
type sssd_var_run_t;
# Treat sssd_var_run_t as a runtime (pid) file type.
files_pid_file(sssd_var_run_t)
########################################
#
# sssd local policy
#
# Process capabilities: chown/setuid/setgid for ownership and identity changes,
# kill to signal processes outside its own domain, sys_nice for scheduling priority,
# dac_read_search and dac_override to bypass DAC permission checks.
# NOTE(review): dac_override subsumes dac_read_search and also bypasses DAC write
# checks; confirm the daemon still needs it rather than only the narrower capability.
allow sssd_t self:capability { chown dac_read_search dac_override kill sys_nice setgid setuid };
# Own-process permissions: setfscreate lets sssd choose the context of files it creates
# (pairs with selinux_validate_context and domain_obj_id_change_exemption below);
# setsched/getsched adjust scheduling; signal/sigkill signal its own processes.
allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
# Read/write pipes shared between sssd's own processes.
allow sssd_t self:fifo_file rw_file_perms;
# Full management of keys in its own kernel keyrings.
allow sssd_t self:key manage_key_perms;
# Unix stream sockets for IPC between sssd's processes; connectto allows the client side of the connection.
allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
# Create, read, write, rename and delete directories labeled sssd_public_t.
manage_dirs_pattern(sssd_t, sssd_public_t, sssd_public_t)
# Full management of regular files labeled sssd_public_t.
manage_files_pattern(sssd_t, sssd_public_t, sssd_public_t)
# Full management of directories in sssd's /var/lib state area.
manage_dirs_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
# Full management of regular files in sssd's /var/lib state area.
manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
# Full management of unix socket files in the /var/lib state area (sssd's client sockets live there).
manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
# Files and directories sssd_t creates directly under /var/lib are automatically labeled sssd_var_lib_t.
files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir })
# Full management of its own log files.
manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
# Regular files sssd_t creates in the log directory are labeled sssd_var_log_t.
logging_log_filetrans(sssd_t, sssd_var_log_t, file)
# Full management of its runtime directories.
manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
# Full management of its runtime files (pid file and friends).
manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
# Files and directories sssd_t creates in the pid directory are labeled sssd_var_run_t.
files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
# Read kernel network state (/proc/net).
kernel_read_network_state(sssd_t)
# Read generic kernel/system state exported through /proc.
kernel_read_system_state(sssd_t)
# Execute programs from the bin/sbin directories without a domain transition
# (the helper runs as sssd_t with all of this domain's access).
corecmd_exec_bin(sssd_t)
# Read /dev/urandom.
dev_read_urand(sssd_t)
# Read the process state (/proc/<pid>) of every domain on the system.
# NOTE(review): broad visibility into all processes; kept as the upstream policy grants it.
domain_read_all_domains_state(sssd_t)
# Exempt sssd_t from the constraint that stops a domain from changing an object's
# SELinux user/role identity; needed with setfscreate to create files in other contexts.
domain_obj_id_change_exemption(sssd_t)
# List the generic tmp directory.
files_list_tmp(sssd_t)
# Read generic configuration files under /etc.
files_read_etc_files(sssd_t)
# Read generic files under /usr.
files_read_usr_files(sssd_t)
# List the inotify filesystem (the daemon watches files with inotify — presumably its config; confirm).
fs_list_inotifyfs(sssd_t)
# Ask the kernel to validate security contexts (used before setfscreate).
selinux_validate_context(sssd_t)
# Read the file_contexts database under /etc/selinux to look up contexts for files it creates.
seutil_read_file_contexts(sssd_t)
# MLS: allow reading files at any level up to the domain's clearance.
mls_file_read_to_clearance(sssd_t)
# Use name service switch lookups (passwd/group/host resolution) including their sockets and config.
auth_use_nsswitch(sssd_t)
# Domain-transition to the password-checking helper so local passwords can be verified
# without sssd_t itself reading the shadow file.
auth_domtrans_chk_passwd(sssd_t)
# Domain-transition to the password-updating helper for local password changes.
auth_domtrans_upd_passwd(sssd_t)
# Read utmp (current login records).
init_read_utmp(sssd_t)
# Send messages to syslog.
logging_send_syslog_msg(sssd_t)
# Send audit records (e.g. authentication events) to the kernel audit subsystem.
logging_send_audit_msgs(sssd_t)
# Read locale data.
miscfiles_read_localization(sssd_t)
# Manage user temporary files while in role system_r.
# NOTE(review): this covers user tmp types in general, not just sssd's own runtime
# directories; confirm the daemon really needs access to user-owned tmp files.
userdom_manage_tmp_role(system_r, sssd_t)
# D-Bus access; only included when the dbus module is loaded.
optional_policy(`
	# Act as a client on the system D-Bus (send/receive messages with the bus daemon).
	dbus_system_bus_client(sssd_t)
	# Connect to the system bus socket.
	dbus_connect_system_bus(sssd_t)
')
# Kerberos access; only included when the kerberos module is loaded.
optional_policy(`
	# Manage the Kerberos host replay cache (rcache) files.
	kerberos_manage_host_rcache(sssd_t)
')