selinux-policy/policy/modules/services/nslcd.if

## <summary>nslcd - local LDAP name service daemon.</summary>

########################################
## <summary>
##	Execute a domain transition to run nslcd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`nslcd_domtrans',`
	gen_require(`
		type nslcd_t, nslcd_exec_t;
	')

	domtrans_pattern($1, nslcd_exec_t, nslcd_t)
')

########################################
## <summary>
##	Execute nslcd server in the nslcd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`nslcd_initrc_domtrans',`
	gen_require(`
		type nslcd_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, nslcd_initrc_exec_t)
')

########################################
## <summary>
##	Read nslcd PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`nslcd_read_pid_files',`
	gen_require(`
		type nslcd_var_run_t;
	')

	files_search_pids($1)
	allow $1 nslcd_var_run_t:file read_file_perms;
')

########################################
## <summary>
##	Connect to nslcd over an unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`nslcd_stream_connect',`
	gen_require(`
		type nslcd_t, nslcd_var_run_t;
	')

	stream_connect_pattern($1, nslcd_var_run_t, nslcd_var_run_t, nslcd_t)
	files_search_pids($1)
')

########################################
## <summary>
##	All of the rules required to administrate
##	an nslcd environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`nslcd_admin',`
	gen_require(`
		type nslcd_t, nslcd_initrc_exec_t, nslcd_var_run_t;
		type nslcd_conf_t;
	')

	ps_process_pattern($1, nslcd_t)
	allow $1 nslcd_t:process { ptrace signal_perms };

	# Allow nslcd_t to restart the apache service
	nslcd_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 nslcd_initrc_exec_t system_r;
	allow $2 system_r;

	files_list_etc($1)
	admin_pattern($1, nslcd_conf_t)

	files_list_pids($1)
	admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
')
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## <summary>nslcd - local LDAP name service daemon.</summary>`

			`########################################`
			`## <summary>`
			`## Execute a domain transition to run nslcd.`
			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-20 09:48:51 +00:00			`## <summary>`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## Domain allowed to transition.`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-20 09:48:51 +00:00			`## </summary>`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## </param>`
			`#`
			interface(`nslcd_domtrans',`
			gen_require(`
			`type nslcd_t, nslcd_exec_t;`
			`')`

			`domtrans_pattern($1, nslcd_exec_t, nslcd_t)`
			`')`

			`########################################`
			`## <summary>`
			`## Execute nslcd server in the nslcd domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
Services layer xml files. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-08-05 13:03:19 +00:00			`## Domain allowed to transition.`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## </summary>`
			`## </param>`
			`#`
			interface(`nslcd_initrc_domtrans',`
			gen_require(`
			`type nslcd_initrc_exec_t;`
			`')`

			`init_labeled_script_domtrans($1, nslcd_initrc_exec_t)`
			`')`

			`########################################`
			`## <summary>`
			`## Read nslcd PID files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`nslcd_read_pid_files',`
			gen_require(`
			`type nslcd_var_run_t;`
			`')`

			`files_search_pids($1)`
			`allow $1 nslcd_var_run_t:file read_file_perms;`
			`')`

			`########################################`
			`## <summary>`
			`## Connect to nslcd over an unix stream socket.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
Services layer xml files. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-08-05 13:03:19 +00:00			`## Domain allowed access.`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## </summary>`
			`## </param>`
			`#`
			interface(`nslcd_stream_connect',`
			gen_require(`
			`type nslcd_t, nslcd_var_run_t;`
			`')`

			`stream_connect_pattern($1, nslcd_var_run_t, nslcd_var_run_t, nslcd_t)`
			`files_search_pids($1)`
			`')`

			`########################################`
			`## <summary>`
Nslcd patch from Dan Walsh. 2009-12-18 15:44:49 +00:00			`## All of the rules required to administrate`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`## an nslcd environment`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`## <param name="role">`
			`## <summary>`
			`## Role allowed access.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`nslcd_admin',`
			gen_require(`
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Syntax error. Squash me with 959aa527a5394d23b994ecf75347d2445106d0c4 Replace type and attributes statements by comma delimiters where possible. Syntax error. Squach me with 779a708452142d6e4ac2ba2a158f724782a03291 Replace type and attributes statements by comma delimiters where possible. Syntax error. Squash me with 89180ea115794aadddaa9b356ab1dfcdc9ff102 2010-09-20 10:09:09 +00:00			`type nslcd_t, nslcd_initrc_exec_t, nslcd_var_run_t;`
			`type nslcd_conf_t;`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`')`

			`ps_process_pattern($1, nslcd_t)`
			`allow $1 nslcd_t:process { ptrace signal_perms };`

			`# Allow nslcd_t to restart the apache service`
			`nslcd_initrc_domtrans($1)`
			`domain_system_change_exemption($1)`
			`role_transition $2 nslcd_initrc_exec_t system_r;`
			`allow $2 system_r;`

Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. 2010-09-20 13:36:05 +00:00			`files_list_etc($1)`
Use admin_pattern. Allow nslcd_admin to search parent directories to be able to interact with nslcd content. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 10:56:18 +00:00			`admin_pattern($1, nslcd_conf_t)`
Nslcd patch from Dan Walsh. 2009-12-18 15:44:49 +00:00
Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. 2010-09-20 13:36:05 +00:00			`files_list_pids($1)`
Use admin_pattern. Allow nslcd_admin to search parent directories to be able to interact with nslcd content. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 10:56:18 +00:00			`admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)`
nslcd policy from dan. 2009-09-08 14:31:19 +00:00			`')`