selinux-policy/policy/modules/services/sssd.te
Dominick Grift 1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00

96 lines
2.3 KiB
Plaintext

policy_module(sssd, 1.1.0)
########################################
#
# Declarations
#
type sssd_t;
type sssd_exec_t;
init_daemon_domain(sssd_t, sssd_exec_t)
type sssd_initrc_exec_t;
init_script_file(sssd_initrc_exec_t)
type sssd_public_t;
files_pid_file(sssd_public_t)
type sssd_var_lib_t;
files_type(sssd_var_lib_t)
type sssd_var_log_t;
logging_log_file(sssd_var_log_t)
type sssd_var_run_t;
files_pid_file(sssd_var_run_t)
########################################
#
# sssd local policy
#
allow sssd_t self:capability { chown dac_read_search dac_override kill sys_nice setgid setuid };
allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
allow sssd_t self:fifo_file rw_file_perms;
allow sssd_t self:key manage_key_perms;
allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
manage_dirs_pattern(sssd_t, sssd_public_t, sssd_public_t)
manage_files_pattern(sssd_t, sssd_public_t, sssd_public_t)
manage_dirs_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir })
manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
logging_log_filetrans(sssd_t, sssd_var_log_t, file)
manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
kernel_read_network_state(sssd_t)
kernel_read_system_state(sssd_t)
corecmd_exec_bin(sssd_t)
dev_read_urand(sssd_t)
domain_read_all_domains_state(sssd_t)
domain_obj_id_change_exemption(sssd_t)
files_list_tmp(sssd_t)
files_read_etc_files(sssd_t)
files_read_usr_files(sssd_t)
fs_list_inotifyfs(sssd_t)
selinux_validate_context(sssd_t)
seutil_read_file_contexts(sssd_t)
mls_file_read_to_clearance(sssd_t)
auth_use_nsswitch(sssd_t)
auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t)
init_read_utmp(sssd_t)
logging_send_syslog_msg(sssd_t)
logging_send_audit_msgs(sssd_t)
miscfiles_read_localization(sssd_t)
userdom_manage_tmp_role(system_r, sssd_t)
optional_policy(`
dbus_system_bus_client(sssd_t)
dbus_connect_system_bus(sssd_t)
')
optional_policy(`
kerberos_manage_host_rcache(sssd_t)
')