RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nss_domain attribute patch 3, Miroslav Grepl

This commit is contained in:
Chris PeBenito 2012-07-10 08:43:38 -04:00
parent 330b13a4a2
commit b35c647481
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
policy/modules/system/authlogin.te
View File

@ -5,6 +5,14 @@ policy_module(authlogin, 2.3.1)
# Declarations # Declarations
# #
## <desc>
## <p>
## Allow users to resolve user passwd entries directly from ldap rather then using a sssd server
## </p>
## </desc>
gen_tunable(authlogin_nsswitch_use_ldap, false)
attribute can_read_shadow_passwords; attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords; attribute can_write_shadow_passwords;
attribute can_relabelto_shadow_passwords; attribute can_relabelto_shadow_passwords;
@ -407,17 +415,23 @@ files_list_var_lib(nsswitch_domain)
# read /etc/nsswitch.conf # read /etc/nsswitch.conf
files_read_etc_files(nsswitch_domain) files_read_etc_files(nsswitch_domain)
miscfiles_read_generic_certs(nsswitch_domain)
sysnet_dns_name_resolve(nsswitch_domain) sysnet_dns_name_resolve(nsswitch_domain)
sysnet_use_ldap(nsswitch_domain)
optional_policy(` tunable_policy(`authlogin_nsswitch_use_ldap',`
avahi_stream_connect(nsswitch_domain) files_list_var_lib(nsswitch_domain)
miscfiles_read_generic_certs(nsswitch_domain)
sysnet_use_ldap(nsswitch_domain)
') ')
optional_policy(` optional_policy(`
ldap_stream_connect(nsswitch_domain) tunable_policy(`authlogin_nsswitch_use_ldap',`
ldap_stream_connect(nsswitch_domain)
')
')
optional_policy(`
avahi_stream_connect(nsswitch_domain)
') ')
optional_policy(` optional_policy(`