61f4064286
Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces.
103 lines
2.2 KiB
Plaintext
103 lines
2.2 KiB
Plaintext
## <summary>SELinux policy for Oident daemon.</summary>
|
|
## <desc>
|
|
## <p>
|
|
## Oident daemon is a server that implements the TCP/IP
|
|
## standard IDENT user identification protocol as
|
|
## specified in the RFC 1413 document.
|
|
## </p>
|
|
## </desc>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow the specified domain to read
|
|
## Oidentd personal configuration files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`oident_read_user_content',`
|
|
gen_require(`
|
|
type oidentd_home_t;
|
|
')
|
|
|
|
allow $1 oidentd_home_t:file read_file_perms;
|
|
userdom_search_user_home_dirs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow the specified domain to create, read, write, and delete
|
|
## Oidentd personal configuration files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`oident_manage_user_content',`
|
|
gen_require(`
|
|
type oidentd_home_t;
|
|
')
|
|
|
|
allow $1 oidentd_home_t:file manage_file_perms;
|
|
userdom_search_user_home_dirs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow the specified domain to relabel
|
|
## Oidentd personal configuration files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`oident_relabel_user_content',`
|
|
gen_require(`
|
|
type oidentd_home_t;
|
|
')
|
|
|
|
allow $1 oidentd_home_t:file relabel_file_perms;
|
|
userdom_search_user_home_dirs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an oident environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`oident_admin',`
|
|
gen_require(`
|
|
type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t;
|
|
')
|
|
|
|
allow $1 oidentd_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, oidentd_t)
|
|
|
|
init_labeled_script_domtrans($1, oidentd_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 oidentd_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
files_list_etc($1)
|
|
admin_pattern($1, oidentd_config_t)
|
|
')
|