## MIT Kerberos admin and KDC ## ##

## This policy supports: ##

##

## Servers: ##

##

##

## Clients: ##

##

##
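########################################
## <summary>
##	Use kerberos services
## </summary>
## <desc>
##	<p>
##	Unconditionally calls files_search_etc for the domain, allows
##	getattr and read on files of type krb5_conf_t, and suppresses
##	audit records for write attempts on that type.
##	</p>
##	<p>
##	When the allow_kerberos tunable is enabled, additionally allows
##	the domain to use its own TCP and UDP sockets, applies the
##	corenet send/receive rules for all interfaces and all nodes
##	(tcp, udp and raw), the kerberos port rules, bind on all nodes,
##	and sysnet_read_config. The DNS port rule is further gated on
##	the use_dns tunable.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`kerberos_use',`
	gen_require(`
		type krb5_conf_t;
		# Object class is file, not files. The permissions listed
		# here are exactly the ones the rules below reference,
		# including the write named by the dontaudit rule.
		class file { getattr read write };
		class tcp_socket { create connect ioctl read getattr write setattr append bind getopt setopt shutdown };
		class udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
	')

	tunable_policy(`allow_kerberos',`
		allow $1 self:tcp_socket { create connect ioctl read getattr write setattr append bind getopt setopt shutdown };
		allow $1 self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };

		# NOTE(review): the all-interface, all-node and raw grants are
		# much wider than the kerberos port rules that follow. Confirm
		# every caller needs them before keeping them in a shared
		# client interface (least privilege).
		corenet_tcp_sendrecv_all_if($1)
		corenet_udp_sendrecv_all_if($1)
		corenet_raw_sendrecv_all_if($1)
		corenet_tcp_sendrecv_all_nodes($1)
		corenet_udp_sendrecv_all_nodes($1)
		corenet_raw_sendrecv_all_nodes($1)
		corenet_tcp_sendrecv_kerberos_port($1)
		corenet_udp_sendrecv_kerberos_port($1)
		corenet_tcp_bind_all_nodes($1)
		corenet_udp_bind_all_nodes($1)

		sysnet_read_config($1)

		# NOTE(review): this conditional is nested inside the
		# allow_kerberos conditional. Confirm the policy toolchain
		# in use accepts nested conditionals. If it does not, this
		# needs to become a separate conditional on both booleans.
		tunable_policy(`use_dns',`
			corenet_udp_sendrecv_dns_port($1)
		')
	')

	# Granted regardless of the allow_kerberos tunable.
	files_search_etc($1)
	allow $1 krb5_conf_t:file { getattr read };

	# NOTE(review): this hides write attempts on the kerberos
	# configuration type from the audit log. If detection of tamper
	# attempts on that file matters, confirm the suppression is wanted.
	dontaudit $1 krb5_conf_t:file write;
')

########################################
## <summary>
##	Read the kerberos configuration file (/etc/krb5.conf).
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`kerberos_read_conf',`
	gen_require(`
		type krb5_conf_t;
		# Object class is file, not files. r_file_perms is the same
		# permission set used by the allow rule below.
		class file r_file_perms;
	')

	files_search_etc($1)
	allow $1 krb5_conf_t:file r_file_perms;
')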