selinux-policy/refpolicy/policy/modules/services/ldap.if

54 lines
1.0 KiB
Plaintext
Raw Normal View History

2005-08-17 18:33:43 +00:00
## <summary>OpenLDAP directory server</summary>
########################################
## <summary>
## Read the contents of the OpenLDAP
## database directories.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_list_db_dir',`
gen_require(`
type slapd_db_t;
')
allow $1 slapd_db_t:dir r_dir_perms;
')
########################################
## <summary>
## Read the OpenLDAP configuration files.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_read_config',`
gen_require(`
type slapd_etc_t;
')
files_search_etc($1)
allow $1 slapd_etc_t:file { getattr read };
')
2005-09-20 20:48:17 +00:00
########################################
## <summary>
## Use LDAP over TCP connection.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_use',`
gen_require(`
type slapd_t;
')
allow $1 slapd_t:tcp_socket { connectto recvfrom };
allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
kernel_tcp_recvfrom($1)
')