author | Rob Crittenden <rcritten@redhat.com> | 2008-04-07 23:38:51 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-07 23:38:51 -0400 |
commit | 039581d1ed67901f244679c80310bf6951dd10e6 (patch) | |
tree | 20c85e02fdbf3b7fbfca59f3f3eab56fae88afeb /ipa-server/selinux | |
parent | dc861888ad61a29cc601c0447b0d099b3286e89c (diff) | |
Some SELinux policy changes provided by Dan Walsh.
440651
Diffstat (limited to 'ipa-server/selinux')
-rw-r--r-- | ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
index 328043fd7..55e65cc39 100644
--- a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -16,6 +16,7 @@ init_daemon_domain(ipa_kpasswd_t, ipa_kpasswd_exec_t)
 # IPA kpasswd local policy
 #
+allow ipa_kpasswd_t self:capability { sys_nice dac_override };
 allow ipa_kpasswd_t self:tcp_socket create_stream_socket_perms;
 allow ipa_kpasswd_t self:udp_socket create_socket_perms;
@@ -36,6 +37,8 @@ logging_send_syslog_msg(ipa_kpasswd_t)
 miscfiles_read_localization(ipa_kpasswd_t)
 kerberos_use(ipa_kpasswd_t)
+kerberos_manage_host_rcache(ipa_kpasswd_t)
+kerberos_read_kdc_config(ipa_kpasswd_t)
 kernel_read_system_state(ipa_kpasswd_t)
@@ -58,3 +61,8 @@ corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
 corenet_udp_bind_all_nodes(ipa_kpasswd_t)
 corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
 corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
+require {
+ type krb5kdc_conf_t;
+};
+
+allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
|
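Review bot: `dac_override` in the added `self:capability` rule of the first hunk is a broad grant, and nothing in the hunk or the commit message says which access needs it. The capability lets the daemon bypass ordinary file permission checks on every object its domain is already allowed to touch, so type enforcement becomes the only remaining barrier for those files. A `dac_override` denial often points at an ownership or mode mismatch on one specific file, which is better fixed on the file than in policy; that is an inference, since the triggering denial is not shown here. If the grant has to stay, split it from `sys_nice` and record the reason, e.g. `# dac_override: required to access <PATH_TO_CONFIRM>; drop once ownership/mode is corrected` above `allow ipa_kpasswd_t self:capability dac_override;`.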
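Review bot: The hand-written `require { type krb5kdc_conf_t; }` and raw `allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;` appended in the third hunk reach directly into a type owned by the kerberos policy module, while the second hunk already calls `kerberos_read_kdc_config(ipa_kpasswd_t)`. If that interface in the targeted policy version already grants directory search on `krb5kdc_conf_t` (likely, but its definition is not visible on this page), these five lines are redundant and should be dropped so the module depends only on the published interface. If the interface does not cover it, keep the rule but say so next to it, e.g. `# kerberos_read_kdc_config() does not grant dir search in <POLICY_VERSION>; remove when it does`. Placing the `require` block with the other declarations near the top of the file rather than at the end would also make the cross-module dependency easier to audit.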