kerberos patch from Dan Walsh
parent
46e16a2d2a
commit
01bfe1d20e
@ -74,7 +74,7 @@ interface(`kerberos_use',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 krb5_conf_t:file read_file_perms;
|
read_files_pattern($1, krb5_conf_t, krb5_conf_t)
|
||||||
dontaudit $1 krb5_conf_t:file write;
|
dontaudit $1 krb5_conf_t:file write;
|
||||||
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
|
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
|
||||||
dontaudit $1 krb5kdc_conf_t:file rw_file_perms;
|
dontaudit $1 krb5kdc_conf_t:file rw_file_perms;
|
||||||
@ -84,6 +84,10 @@ interface(`kerberos_use',`
|
|||||||
selinux_dontaudit_validate_context($1)
|
selinux_dontaudit_validate_context($1)
|
||||||
seutil_dontaudit_read_file_contexts($1)
|
seutil_dontaudit_read_file_contexts($1)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
sssd_read_public_files($1)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`allow_kerberos',`
|
tunable_policy(`allow_kerberos',`
|
||||||
allow $1 self:tcp_socket create_socket_perms;
|
allow $1 self:tcp_socket create_socket_perms;
|
||||||
allow $1 self:udp_socket create_socket_perms;
|
allow $1 self:udp_socket create_socket_perms;
|
||||||
|
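Review bot: The new `optional_policy` block that calls `sssd_read_public_files($1)` is placed before the allow_kerberos tunable block, so every domain that calls kerberos_use gets read access to sssd's public files even when the boolean is off, and nothing in the interface records why. If that is intended (presumably because the files hold KDC locator data rather than network access), a comment above the block would say so, for example `# sssd public files hold KDC locator info; granted regardless of allow_kerberos`. The first hunk's `read_files_pattern($1, krb5_conf_t, krb5_conf_t)` likewise appears to add directory search on krb5_conf_t for all callers, so it is worth confirming that a directory is actually labelled with that type. The body of kerberos_use starts and ends outside these hunks.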
@ -112,6 +112,7 @@ files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
|
|||||||
|
|
||||||
kernel_read_kernel_sysctls(kadmind_t)
|
kernel_read_kernel_sysctls(kadmind_t)
|
||||||
kernel_list_proc(kadmind_t)
|
kernel_list_proc(kadmind_t)
|
||||||
|
kernel_read_network_state(kadmind_t)
|
||||||
kernel_read_proc_symlinks(kadmind_t)
|
kernel_read_proc_symlinks(kadmind_t)
|
||||||
kernel_read_system_state(kadmind_t)
|
kernel_read_system_state(kadmind_t)
|
||||||
|
|
||||||
@ -283,7 +284,7 @@ allow kpropd_t self:fifo_file rw_file_perms;
|
|||||||
allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
|
allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow kpropd_t self:tcp_socket create_stream_socket_perms;
|
allow kpropd_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
|
||||||
allow kpropd_t krb5_host_rcache_t:file rw_file_perms;
|
allow kpropd_t krb5_host_rcache_t:file manage_file_perms;
|
||||||
|
|
||||||
allow kpropd_t krb5_keytab_t:file read_file_perms;
|
allow kpropd_t krb5_keytab_t:file read_file_perms;
|
||||||
|
|
||||||
|
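Review bot: Changing `allow kpropd_t krb5_host_rcache_t:file` from `rw_file_perms` to `manage_file_perms` lets kpropd_t create, rename and unlink replay-cache files, but no rule visible in this hunk gives it write access to the containing directory or a type transition for the new file. Without those, a created file would either be denied or take the parent directory's label instead of krb5_host_rcache_t. If the cache lives in a temporary directory, a rule such as `files_tmp_filetrans(kpropd_t, krb5_host_rcache_t, file)` would keep the label; it may already exist outside the hunk. A short comment such as `# kpropd recreates its replay cache, rw alone is not enough` would record why the broader permission set is needed.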