SELinux policy for Oident daemon.

## ##

## Oident daemon is a server that implements the TCP/IP ## standard IDENT user identification protocol as ## specified in the RFC 1413 document. ##

## ######################################## ##

## Allow the specified domain to read ## Oidentd personal configuration files. ##

## ##

## Domain allowed access. ##

## # interface(`oident_read_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file read_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ##

## Allow the specified domain to create, read, write, and delete ## Oidentd personal configuration files. ##

## ##

## Domain allowed access. ##

## # interface(`oident_manage_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file manage_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ##

## Allow the specified domain to relabel ## Oidentd personal configuration files. ##

## ##

## Domain allowed access. ##

## # interface(`oident_relabel_user_content',` gen_require(` type oidentd_home_t; ') allow $1 oidentd_home_t:file relabel_file_perms; userdom_search_user_home_dirs($1) ') ######################################## ##

## All of the rules required to administrate ## an oident environment ##

## ##

## Domain allowed access. ##

## ## ##

## Role allowed access. ##

## ## # interface(`oident_admin',` gen_require(` type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t; ') allow $1 oidentd_t:process { ptrace signal_perms }; ps_process_pattern($1, oidentd_t) init_labeled_script_domtrans($1, oidentd_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 oidentd_initrc_exec_t system_r; allow $2 system_r; files_list_etc($1) admin_pattern($1, oidentd_config_t) ')