Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh.
This commit is contained in:
parent
59bedc1886
commit
cdc91b9aeb
@ -1,3 +1,5 @@
|
||||
- Patch for handling restart of nscd when ran from useradd, groupadd, and
|
||||
admin passwd, from Dan Walsh.
|
||||
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
|
||||
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
|
||||
- Patch for gssd fixes from Dan Walsh.
|
||||
|
@ -101,6 +101,7 @@ interface(`usermanage_run_groupadd',`
|
||||
usermanage_domtrans_groupadd($1)
|
||||
role $2 types groupadd_t;
|
||||
allow groupadd_t $3:chr_file rw_term_perms;
|
||||
nscd_run(groupadd_t, $2, $3)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -206,6 +207,7 @@ interface(`usermanage_run_admin_passwd',`
|
||||
usermanage_domtrans_admin_passwd($1)
|
||||
role $2 types sysadm_passwd_t;
|
||||
allow sysadm_passwd_t $3:chr_file rw_term_perms;
|
||||
nscd_run(sysadm_passwd_t, $2, $3)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -258,6 +260,7 @@ interface(`usermanage_run_useradd',`
|
||||
usermanage_domtrans_useradd($1)
|
||||
role $2 types useradd_t;
|
||||
allow useradd_t $3:chr_file rw_term_perms;
|
||||
nscd_run(useradd_t, $2, $3)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(usermanage,1.5.1)
|
||||
policy_module(usermanage,1.5.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -256,10 +256,6 @@ optional_policy(`
|
||||
dpkg_rw_pipes(groupadd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_domtrans(groupadd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
rpm_use_fds(groupadd_t)
|
||||
rpm_rw_pipes(groupadd_t)
|
||||
@ -444,7 +440,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_domtrans(sysadm_passwd_t)
|
||||
nscd_socket_use(sysadm_passwd_t)
|
||||
')
|
||||
|
||||
@ -539,10 +534,6 @@ optional_policy(`
|
||||
dpkg_rw_pipes(useradd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_domtrans(useradd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
rpm_use_fds(useradd_t)
|
||||
rpm_rw_pipes(useradd_t)
|
||||
|
@ -173,3 +173,34 @@ interface(`nscd_unconfined',`
|
||||
|
||||
allow $1 nscd_t:nscd *;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute nscd in the nscd domain, and
|
||||
## allow the specified role the nscd domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed the nscd domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the role's terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nscd_run',`
|
||||
gen_require(`
|
||||
type nscd_t;
|
||||
')
|
||||
|
||||
nscd_domtrans($1)
|
||||
role $2 types nscd_t;
|
||||
dontaudit nscd_t $3:chr_file rw_term_perms;
|
||||
')
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(nscd,1.3.1)
|
||||
policy_module(nscd,1.3.2)
|
||||
|
||||
gen_require(`
|
||||
class nscd all_nscd_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user