## SELinux policy for Oident daemon. ## ##

## Oident daemon is a server that implements the TCP/IP ## standard IDENT user identification protocol as ## specified in the RFC 1413 document. ##

##
######################################## ## ## Allow the specified domain to read ## Oidentd personal configuration files. ## ## ## ## Domain allowed access. ## ## # interface(`oident_read_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file read_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ## ## Allow the specified domain to create, read, write, and delete ## Oidentd personal configuration files. ## ## ## ## Domain allowed access. ## ## # interface(`oident_manage_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file manage_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ## ## Allow the specified domain to relabel ## Oidentd personal configuration files. ## ## ## ## Domain allowed access. ## ## # interface(`oident_relabel_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file relabel_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ## ## All of the rules required to administrate ## an oident environment ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`oident_admin',` gen_require(` type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t; ') allow $1 oidentd_t:process { ptrace signal_perms }; ps_process_pattern($1, oidentd_t) init_labeled_script_domtrans($1, oidentd_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 oidentd_initrc_exec_t system_r; allow $2 system_r; files_search_etc($1) admin_pattern($1, oidentd_config_t) ')