authlogin: connect to userdb
Signed-off-by: bauen1 <j2468h@gmail.com>
parent
ada848b352
commit
69b709930a
|
@ -426,6 +426,10 @@ files_read_etc_files(nsswitch_domain)
|
||||||
|
|
||||||
sysnet_dns_name_resolve(nsswitch_domain)
|
sysnet_dns_name_resolve(nsswitch_domain)
|
||||||
|
|
||||||
|
ifdef(`init_systemd', `
|
||||||
|
systemd_stream_connect_userdb(nsswitch_domain)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`authlogin_nsswitch_use_ldap',`
|
tunable_policy(`authlogin_nsswitch_use_ldap',`
|
||||||
miscfiles_read_generic_certs(nsswitch_domain)
|
miscfiles_read_generic_certs(nsswitch_domain)
|
||||||
sysnet_use_ldap(nsswitch_domain)
|
sysnet_use_ldap(nsswitch_domain)
|
||||||
|
|
|
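Review bot: The new `systemd_stream_connect_userdb(nsswitch_domain)` call in the init_systemd block has no comment saying why every member of `nsswitch_domain` needs it, and it is unconditional, while the LDAP access directly below sits behind the `authlogin_nsswitch_use_ldap` tunable. Per the interface added in this same commit, each of those domains gains write access to the userdb socket files and `connectto` on init's unix stream sockets, which is a wide grant for an attribute that presumably covers most name-service clients. I would add a line such as `# nss-systemd: user/group lookups go through the userdb socket served by init` above the call. If only some callers need it, a narrower attribute or a tunable would keep the grant closer to least privilege.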
@ -923,6 +923,25 @@ interface(`init_stream_connect',`
|
||||||
allow $1 init_t:unix_stream_socket getattr;
|
allow $1 init_t:unix_stream_socket getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to init with a unix socket.
|
||||||
|
## Without any additional permissions.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`init_unix_stream_socket_connectto',`
|
||||||
|
gen_require(`
|
||||||
|
type init_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 init_t:unix_stream_socket connectto;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Inherit and use file descriptors from init.
|
## Inherit and use file descriptors from init.
|
||||||
|
|
|
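Review bot: The summary of `init_unix_stream_socket_connectto` ("Connect to init with a unix socket. Without any additional permissions.") does not say what a caller actually receives. The only rule, `allow $1 init_t:unix_stream_socket connectto;`, is checked against the label of the listening process, so it covers every unix stream socket that init_t owns rather than one named socket. Which sockets a domain can reach is then limited only by the sock_file and directory permissions it holds elsewhere. I would reword the summary to `## Allow connectto on any unix stream socket owned by init.` followed by `## Grants no sock_file or directory access; callers must add that separately.`, so users of the interface know they are responsible for the narrowing.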
@ -462,6 +462,27 @@ interface(`systemd_manage_userdb_runtime_sock_files', `
|
||||||
manage_sock_files_pattern($1, systemd_userdb_runtime_t, systemd_userdb_runtime_t)
|
manage_sock_files_pattern($1, systemd_userdb_runtime_t, systemd_userdb_runtime_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to /run/systemd/userdb/io.systemd.DynamicUser .
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`systemd_stream_connect_userdb', `
|
||||||
|
gen_require(`
|
||||||
|
type systemd_userdb_runtime_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
init_search_runtime($1)
|
||||||
|
allow $1 systemd_userdb_runtime_t:dir list_dir_perms;
|
||||||
|
allow $1 systemd_userdb_runtime_t:sock_file write_sock_file_perms;
|
||||||
|
init_unix_stream_socket_connectto($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Allow reading /run/systemd/machines
|
## Allow reading /run/systemd/machines
|
||||||
|
|
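Review bot: The summary of `systemd_stream_connect_userdb` names one socket, /run/systemd/userdb/io.systemd.DynamicUser, but the rules are wider than that. `allow $1 systemd_userdb_runtime_t:sock_file write_sock_file_perms;` applies to every socket file with that label, and `list_dir_perms` lets the caller enumerate the directory where a plain connect to a known path needs only `search_dir_perms`. If enumeration is intended (userdb clients may scan the directory for services; this is not visible here), the summary should say so, for example `## Connect to the userdb sockets in /run/systemd/userdb that are served by init (e.g. io.systemd.DynamicUser).`. Otherwise the directory rule can be narrowed to `allow $1 systemd_userdb_runtime_t:dir search_dir_perms;`. It is also worth stating in the summary that only sockets whose listener runs as init_t are reachable, since the `connectto` part comes from `init_unix_stream_socket_connectto($1)`.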