## <summary>nslcd - local LDAP name service daemon.</summary>
########################################
## <summary>
##	Run the nslcd executable with a transition
##	into the nslcd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`nslcd_domtrans',`
	gen_require(`
		type nslcd_t;
		type nslcd_exec_t;
	')

	# Entry point is nslcd_exec_t and the resulting process domain is nslcd_t.
	domtrans_pattern($1, nslcd_exec_t, nslcd_t)
')
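########################################
## <summary>
##	Execute the nslcd init script, labeled
##	nslcd_initrc_exec_t, with a domain transition
##	into the init script domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`nslcd_initrc_domtrans',`
	gen_require(`
		type nslcd_initrc_exec_t;
	')

	# This covers the init script only. The daemon binary is handled
	# separately through nslcd_exec_t.
	init_labeled_script_domtrans($1, nslcd_initrc_exec_t)
')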
########################################
## <summary>
##	Allow the specified domain to read
##	nslcd PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`nslcd_read_pid_files',`
	gen_require(`
		type nslcd_var_run_t;
	')

	# Read-only access to files labeled nslcd_var_run_t.
	allow $1 nslcd_var_run_t:file read_file_perms;

	# Search access on the PID directory so the files can be reached.
	files_search_pids($1)
')
########################################
## <summary>
##	Connect to nslcd over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`nslcd_stream_connect',`
	gen_require(`
		type nslcd_t;
		type nslcd_var_run_t;
	')

	# Search access on the PID directory that holds the socket.
	files_search_pids($1)

	# Both the directory and the socket file carry nslcd_var_run_t.
	# The peer process runs as nslcd_t.
	stream_connect_pattern($1, nslcd_var_run_t, nslcd_var_run_t, nslcd_t)
')
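########################################
## <summary>
##	All of the rules required to administrate
##	an nslcd environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`nslcd_admin',`
	gen_require(`
		type nslcd_t, nslcd_initrc_exec_t, nslcd_var_run_t;
		type nslcd_conf_t;
	')

	# Let the admin domain see and signal the running daemon.
	ps_process_pattern($1, nslcd_t)
	# NOTE(review): ptrace gives the admin domain the ability to inspect
	# and modify the daemon process, which may hold LDAP bind credentials
	# in memory. Confirm that signal_perms alone is not sufficient before
	# keeping ptrace in this grant.
	allow $1 nslcd_t:process { ptrace signal_perms };

	# Allow the admin domain to start, stop and restart the nslcd
	# service through its init script. The role transition moves the
	# admin role into system_r when that script is executed.
	nslcd_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 nslcd_initrc_exec_t system_r;
	allow $2 system_r;

	# Administer the nslcd configuration files.
	files_list_etc($1)
	admin_pattern($1, nslcd_conf_t)

	# Administer the nslcd runtime files. This call now uses the same
	# two-argument form as the nslcd_conf_t call above. The original
	# passed nslcd_var_run_t a second time as a third argument.
	files_list_pids($1)
	admin_pattern($1, nslcd_var_run_t)
')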