selinux-refpolicy/refpolicy/policy/modules/services/ldap.if
Chris PeBenito 3774e4eb28 todo cleanup
2005-09-20 20:48:17 +00:00

56 lines
1.1 KiB
Plaintext

## <summary>OpenLDAP directory server</summary>
########################################
## <summary>
## Read the contents of the OpenLDAP
## database directories.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_list_db_dir',`
gen_require(`
type slapd_db_t;
class dir r_dir_perms;
')
allow $1 slapd_db_t:dir r_dir_perms;
')
########################################
## <summary>
## Read the OpenLDAP configuration files.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_read_config',`
gen_require(`
type slapd_etc_t;
class file { getattr read };
')
files_search_etc($1)
allow $1 slapd_etc_t:file { getattr read };
')
########################################
## <summary>
## Use LDAP over TCP connection.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`ldap_use',`
gen_require(`
type slapd_t;
')
allow $1 slapd_t:tcp_socket { connectto recvfrom };
allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
kernel_tcp_recvfrom($1)
')