f66acfd9f2
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
106 lines
2.4 KiB
Plaintext
106 lines
2.4 KiB
Plaintext
## <summary>Likewise Active Directory support for UNIX.</summary>
|
|
## <desc>
|
|
## <p>
|
|
## Likewise Open is a free, open source application that joins Linux, Unix,
|
|
## and Mac machines to Microsoft Active Directory to securely authenticate
|
|
## users with their domain credentials.
|
|
## </p>
|
|
## </desc>
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template to define a likewise domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a domain to be used for
|
|
## a new likewise daemon.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The type of daemon to be used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`likewise_domain_template',`
|
|
|
|
gen_require(`
|
|
attribute likewise_domains;
|
|
type likewise_var_lib_t;
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type $1_t;
|
|
type $1_exec_t;
|
|
init_daemon_domain($1_t, $1_exec_t)
|
|
domain_use_interactive_fds($1_t)
|
|
|
|
typeattribute $1_t likewise_domains;
|
|
|
|
type $1_var_run_t;
|
|
files_pid_file($1_var_run_t)
|
|
|
|
type $1_var_socket_t;
|
|
files_type($1_var_socket_t)
|
|
|
|
type $1_var_lib_t;
|
|
files_type($1_var_lib_t)
|
|
|
|
####################################
|
|
#
|
|
# Local Policy
|
|
#
|
|
|
|
allow $1_t self:process { signal_perms getsched setsched };
|
|
allow $1_t self:fifo_file rw_fifo_file_perms;
|
|
allow $1_t self:unix_dgram_socket create_socket_perms;
|
|
allow $1_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow $1_t self:tcp_socket create_stream_socket_perms;
|
|
allow $1_t self:udp_socket create_socket_perms;
|
|
|
|
allow $1_t likewise_var_lib_t:dir setattr_dir_perms;
|
|
|
|
manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
|
|
files_pid_filetrans($1_t, $1_var_run_t, file)
|
|
|
|
manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
|
|
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)
|
|
|
|
manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
|
|
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)
|
|
|
|
dev_read_rand($1_t)
|
|
dev_read_urand($1_t)
|
|
|
|
files_read_etc_files($1_t)
|
|
files_search_var_lib($1_t)
|
|
|
|
logging_send_syslog_msg($1_t)
|
|
|
|
miscfiles_read_localization($1_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Connect to lsassd.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`likewise_stream_connect_lsassd',`
|
|
gen_require(`
|
|
type likewise_var_lib_t, lsassd_var_socket_t, lsassd_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
|
|
')
|