kerberos patch from Dan Walsh

Jeremy Solt 2010-04-08 16:02:18 -04:00 committed by Chris PeBenito
parent 46e16a2d2a
commit 01bfe1d20e
2 changed files with 7 additions and 2 deletions


@ -74,7 +74,7 @@ interface(`kerberos_use',`
')
files_search_etc($1)
allow $1 krb5_conf_t:file read_file_perms;
read_files_pattern($1, krb5_conf_t, krb5_conf_t)
dontaudit $1 krb5_conf_t:file write;
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
dontaudit $1 krb5kdc_conf_t:file rw_file_perms;
@ -84,6 +84,10 @@ interface(`kerberos_use',`
selinux_dontaudit_validate_context($1)
seutil_dontaudit_read_file_contexts($1)
optional_policy(`
sssd_read_public_files($1)
')
tunable_policy(`allow_kerberos',`
allow $1 self:tcp_socket create_socket_perms;
allow $1 self:udp_socket create_socket_perms;
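Review bot: The optional_policy block calling sssd_read_public_files($1), which appears to be the addition in the second hunk, sits before the tunable_policy on allow_kerberos, so every domain that calls kerberos_use gains read access to the sssd public files even when that boolean is off. If the access is only needed for Kerberos operation, nesting a tunable_policy block on allow_kerberos inside the optional_policy would tie the grant to the boolean, provided sssd_read_public_files expands only to allow rules, which is not visible here. If it is meant to be unconditional, a comment such as `# needed regardless of allow_kerberos: <reason>` would record why. The first hunk similarly replaces a file-only allow on krb5_conf_t with read_files_pattern, which normally also grants directory search on that type, so it widens access for every caller and deserves the same one-line justification. The kerberos_use interface starts and ends outside these hunks.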


@ -112,6 +112,7 @@ files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
kernel_read_kernel_sysctls(kadmind_t)
kernel_list_proc(kadmind_t)
kernel_read_network_state(kadmind_t)
kernel_read_proc_symlinks(kadmind_t)
kernel_read_system_state(kadmind_t)
@ -283,7 +284,7 @@ allow kpropd_t self:fifo_file rw_file_perms;
allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
allow kpropd_t self:tcp_socket create_stream_socket_perms;
allow kpropd_t krb5_host_rcache_t:file rw_file_perms;
allow kpropd_t krb5_host_rcache_t:file manage_file_perms;
allow kpropd_t krb5_keytab_t:file read_file_perms;
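Review bot: The kpropd_t rule on krb5_host_rcache_t:file goes from rw_file_perms to manage_file_perms with no comment naming the denied operation; manage_file_perms adds permissions such as create, setattr, rename and unlink on the replay cache, whose integrity matters for replay detection. A one-line comment such as `# kpropd creates and removes its own replay cache file` (wording to be confirmed against the AVC denial that motivated the change) would justify the wider grant. No file type transition or directory rule for kpropd_t on this type is visible in the hunk, so it is worth checking that one exists elsewhere in the file, since without it a newly created cache file would likely not receive the krb5_host_rcache_t label. The kpropd_t rule block continues outside the hunk.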