Sssd patch from Dan Walsh.
This commit is contained in:
parent
207c4d1e6e
commit
f3890b25db
@ -1,6 +1,9 @@
/etc/rc.d/init.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
/etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
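Review bot: The `/var/log/sssd(/.*)?` entry is labeled `sssd_var_lib_t`, but the .te hunk at `@ -16,6 +16,9 @@` in the same commit introduces `sssd_var_log_t` via `logging_log_file()`, and the `@ -33,6 +36,9 @@` hunk grants sssd_t its log access and `logging_log_filetrans` under that type. With this file context a relabel (restorecon/fixfiles) would move the log directory and everything under it to sssd_var_lib_t, so files created at runtime as sssd_var_log_t would not survive a relabel and the new log type would effectively never be applied on disk. The entry should read `/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_log_t,s0)`.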
@ -18,6 +18,24 @@ interface(`sssd_domtrans',`
domtrans_pattern($1, sssd_exec_t, sssd_t)
')
########################################
## <summary>
## Execute sssd server in the sssd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sssd_initrc_domtrans',`
gen_require(`
type sssd_initrc_exec_t;
')
init_labeled_script_domtrans($1, sssd_initrc_exec_t)
')
########################################
## <summary>
## Read sssd PID files.
@ -156,7 +174,7 @@ interface(`sssd_stream_connect',`
########################################
## <summary>
## All of the rules required to administrate
## All of the rules required to administrate
## an sssd environment
## </summary>
## <param name="domain">
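Review bot: The header of the new `sssd_initrc_domtrans` interface in the first hunk of this file says `## Execute sssd server in the sssd domain.`, which is the summary of `sssd_domtrans` copied verbatim, while the body calls `init_labeled_script_domtrans($1, sssd_initrc_exec_t)` and therefore transitions the caller into the init script domain, not sssd_t. Suggest `## Execute sssd init scripts in the init script domain.` for the summary and `## Domain allowed to transition.` for the parameter, the usual refpolicy wording for an initrc domtrans interface. The second hunk (`@ -156,7 +174,7 @@`) appears to be a whitespace-only change to a comment line and raises nothing.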
@ -1,5 +1,5 @@
policy_module(sssd, 1.0.0)
policy_module(sssd, 1.0.1)
########################################
#
@ -16,6 +16,9 @@ init_script_file(sssd_initrc_exec_t)
type sssd_var_lib_t;
files_type(sssd_var_lib_t)
type sssd_var_log_t;
logging_log_file(sssd_var_log_t)
type sssd_var_run_t;
files_pid_file(sssd_var_run_t)
@ -23,7 +26,7 @@ files_pid_file(sssd_var_run_t)
#
# sssd local policy
#
allow sssd_t self:capability { sys_nice setuid };
allow sssd_t self:capability { sys_nice setgid setuid };
allow sssd_t self:process { setsched signal getsched };
allow sssd_t self:fifo_file rw_file_perms;
allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@ -33,6 +36,9 @@ manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
logging_log_filetrans(sssd_t, sssd_var_log_t, file)
manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
@ -47,6 +53,8 @@ files_list_tmp(sssd_t)
files_read_etc_files(sssd_t)
files_read_usr_files(sssd_t)
fs_list_inotifyfs(sssd_t)
auth_use_nsswitch(sssd_t)
auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t)
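Review bot: In the `@ -33,6 +36,9 @@` hunk, `manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)` gives the daemon write, unlink and rename on its own log files, so a compromised sssd_t could truncate or remove its audit trail; if sssd only ever appends to its logs, `append_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)` together with `create_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)` would be the tighter grant — confirm against how sssd writes and rotates its logs before narrowing it. Unlike the sssd_var_lib_t and sssd_var_run_t blocks directly above and below it, no `manage_dirs_pattern` or `dir` filetrans is given for sssd_var_log_t, so if sssd creates `/var/log/sssd` itself rather than relying on the package, the directory would be created as the generic log type; a one-line comment stating who creates the directory would settle this for the next reader.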