Sssd patch from Dan Walsh.

This commit is contained in:
Chris PeBenito 2010-01-07 09:00:59 -05:00
parent 207c4d1e6e
commit f3890b25db
3 changed files with 33 additions and 4 deletions


@ -1,6 +1,9 @@
/etc/rc.d/init.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
/etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
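Review bot: The new `/var/log/sssd(/.*)?` entry labels the log tree `sssd_var_lib_t`, while the sssd.te hunks in this same commit declare `sssd_var_log_t` with `logging_log_file` and add `logging_log_filetrans(sssd_t, sssd_var_log_t, file)`, so a relabel (restorecon) would put the logs under the var_lib type and contradict the runtime transition. The entry should read `/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_log_t,s0)`. The rendered page has dropped the column tabs and blank lines, so the exact whitespace of the new entries cannot be checked here.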


@ -18,6 +18,24 @@ interface(`sssd_domtrans',`
domtrans_pattern($1, sssd_exec_t, sssd_t)
')
########################################
## <summary>
## Execute sssd server in the sssd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sssd_initrc_domtrans',`
gen_require(`
type sssd_initrc_exec_t;
')
init_labeled_script_domtrans($1, sssd_initrc_exec_t)
')
########################################
## <summary>
## Read sssd PID files.
@ -156,7 +174,7 @@ interface(`sssd_stream_connect',`
########################################
## <summary>
## All of the rules required to administrate
## All of the rules required to administrate
## an sssd environment
## </summary>
## <param name="domain">
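Review bot: The summary on the new `sssd_initrc_domtrans` interface reads "Execute sssd server in the sssd domain.", which is the wording of `sssd_domtrans` just above it; the body calls `init_labeled_script_domtrans`, so the transition is into the init script domain, not `sssd_t`. Suggest `## Execute sssd init scripts in the init script domain.` as the summary. The admin interface whose header closes this section ("All of the rules required to administrate an sssd environment") is cut off after its param block, so I cannot tell whether it was extended to manage the new `sssd_var_log_t` declared in sssd.te; if it was not, that type should be added there so an administrator role can manage the logs.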


@ -1,5 +1,5 @@
policy_module(sssd, 1.0.0)
policy_module(sssd, 1.0.1)
########################################
#
@ -16,6 +16,9 @@ init_script_file(sssd_initrc_exec_t)
type sssd_var_lib_t;
files_type(sssd_var_lib_t)
type sssd_var_log_t;
logging_log_file(sssd_var_log_t)
type sssd_var_run_t;
files_pid_file(sssd_var_run_t)
@ -23,7 +26,7 @@ files_pid_file(sssd_var_run_t)
#
# sssd local policy
#
allow sssd_t self:capability { sys_nice setuid };
allow sssd_t self:capability { sys_nice setgid setuid };
allow sssd_t self:process { setsched signal getsched };
allow sssd_t self:fifo_file rw_file_perms;
allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@ -33,6 +36,9 @@ manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
logging_log_filetrans(sssd_t, sssd_var_log_t, file)
manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
@ -47,6 +53,8 @@ files_list_tmp(sssd_t)
files_read_etc_files(sssd_t)
files_read_usr_files(sssd_t)
fs_list_inotifyfs(sssd_t)
auth_use_nsswitch(sssd_t)
auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t)
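Review bot: The version bump at the top of this section goes 1.0.0 to 1.0.1, but the commit also adds a new public interface (`sssd_initrc_domtrans` in sssd.if) and a new type, and refpolicy convention is to bump the minor version when interfaces are added, i.e. `policy_module(sssd, 1.1.0)`. Separately, `logging_log_filetrans(sssd_t, sssd_var_log_t, file)` only labels files the daemon creates directly, and the hunk grants `manage_files_pattern` but no `manage_dirs_pattern` on `sssd_var_log_t`; that is fine if the package ships `/var/log/sssd`, but if sssd creates that directory itself the `dir` class and dir permissions would be needed too, which should be verified against the daemon. The last hunk appears to end at `auth_domtrans_upd_passwd`, though the rendering has dropped blank lines so the context boundary is inferred.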