Sssd patch from Dan Walsh.

This commit is contained in:
Chris PeBenito 2010-01-07 09:00:59 -05:00
parent 207c4d1e6e
commit f3890b25db
3 changed files with 33 additions and 4 deletions


@ -1,6 +1,9 @@
/etc/rc.d/init.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0) /etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0) /usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0) /var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) /var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
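Review bot: The new `/var/log/sssd(/.*)?` entry labels the log tree `sssd_var_lib_t`, while sssd.te in this same commit declares `sssd_var_log_t` with `logging_log_file()` and a `logging_log_filetrans(sssd_t, sssd_var_log_t, file)`; a relabel of /var/log/sssd would set the directory to the var_lib type, files sssd creates inside it would inherit that type rather than the new log type, and the log-file attribute (and any access rules keyed on it) would never apply on disk. The entry should read `/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_log_t,s0)`. A smaller consistency point: this commit escapes the dots in the init script path, but the `/var/run/sssd.pid` entry keeps an unescaped `.`, which still matches as a regex wildcard; `/var/run/sssd\.pid` would follow the convention now used on the first line.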


@ -18,6 +18,24 @@ interface(`sssd_domtrans',`
domtrans_pattern($1, sssd_exec_t, sssd_t) domtrans_pattern($1, sssd_exec_t, sssd_t)
') ')
########################################
## <summary>
## Execute sssd server in the sssd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sssd_initrc_domtrans',`
gen_require(`
type sssd_initrc_exec_t;
')
init_labeled_script_domtrans($1, sssd_initrc_exec_t)
')
######################################## ########################################
## <summary> ## <summary>
## Read sssd PID files. ## Read sssd PID files.
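Review bot: The `<summary>` of the new `sssd_initrc_domtrans` interface says "Execute sssd server in the sssd domain.", which is the wording of `sssd_domtrans` above it and does not describe this interface: it calls `init_labeled_script_domtrans($1, sssd_initrc_exec_t)`, so the caller executes the sssd init script and transitions to the init script domain, not to sssd_t. Suggest `## Execute sssd init scripts in the initrc domain.` so that policy authors choosing between the two interfaces are not misled. The `domtrans_pattern` and `')` lines at the top of the hunk belong to `sssd_domtrans`, whose start is outside the hunk, and the trailing "Read sssd PID files" header belongs to an interface whose body is also outside it.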


@ -1,5 +1,5 @@
policy_module(sssd, 1.0.0) policy_module(sssd, 1.0.1)
######################################## ########################################
# #
@ -16,6 +16,9 @@ init_script_file(sssd_initrc_exec_t)
type sssd_var_lib_t; type sssd_var_lib_t;
files_type(sssd_var_lib_t) files_type(sssd_var_lib_t)
type sssd_var_log_t;
logging_log_file(sssd_var_log_t)
type sssd_var_run_t; type sssd_var_run_t;
files_pid_file(sssd_var_run_t) files_pid_file(sssd_var_run_t)
@ -23,7 +26,7 @@ files_pid_file(sssd_var_run_t)
# #
# sssd local policy # sssd local policy
# #
allow sssd_t self:capability { sys_nice setuid }; allow sssd_t self:capability { sys_nice setgid setuid };
allow sssd_t self:process { setsched signal getsched }; allow sssd_t self:process { setsched signal getsched };
allow sssd_t self:fifo_file rw_file_perms; allow sssd_t self:fifo_file rw_file_perms;
allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@ -33,6 +36,9 @@ manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t) manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } ) files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
logging_log_filetrans(sssd_t, sssd_var_log_t, file)
manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t) manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t) manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir }) files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
@ -47,6 +53,8 @@ files_list_tmp(sssd_t)
files_read_etc_files(sssd_t) files_read_etc_files(sssd_t)
files_read_usr_files(sssd_t) files_read_usr_files(sssd_t)
fs_list_inotifyfs(sssd_t)
auth_use_nsswitch(sssd_t) auth_use_nsswitch(sssd_t)
auth_domtrans_chk_passwd(sssd_t) auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t) auth_domtrans_upd_passwd(sssd_t)
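Review bot: The log type added in the `manage_files_pattern`/`logging_log_filetrans` hunk is handled less completely than the var_lib and pid types a few lines above it: those get `manage_dirs_pattern` plus a `{ file dir }` filetrans, while `sssd_var_log_t` gets file management only and a filetrans restricted to `file`. If sssd creates /var/log/sssd itself rather than the package shipping it, the directory would be created as plain `var_log_t` and the files inside would never become `sssd_var_log_t`; I cannot tell from the hunk which is the case. For parity with the other two types: `manage_dirs_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)` and `logging_log_filetrans(sssd_t, sssd_var_log_t, { file dir })`. Either way this only pays off once the .fc entry for /var/log/sssd also uses `sssd_var_log_t`, which is raised on that file's section.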