summaryrefslogtreecommitdiffstats
path: root/selinux
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-01-27 14:51:53 -0500
committerRob Crittenden <rcritten@redhat.com>2010-02-03 14:40:57 -0500
commitececb849d2f3e07c653b53be3902981b8bc48a70 (patch)
tree9ee89012b821402e6c94bf6fb28e2694bfbf40e0 /selinux
parente672510c064558b08bd288f590d620dce96a23c5 (diff)
downloadfreeipa-ececb849d2f3e07c653b53be3902981b8bc48a70.tar.gz
freeipa-ececb849d2f3e07c653b53be3902981b8bc48a70.tar.xz
freeipa-ececb849d2f3e07c653b53be3902981b8bc48a70.zip
Add permissions for named to communicate over ldapi
Diffstat (limited to 'selinux')
-rw-r--r--selinux/ipa_httpd/ipa_httpd.te5
1 files changed, 4 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index e01ca8912..65b161fe5 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -2,6 +2,7 @@ module ipa_httpd 1.2;
require {
type httpd_t;
+ type named_t;
type initrc_t;
type var_run_t;
type krb5kdc_t;
@@ -11,11 +12,13 @@ require {
class file write;
}
-# Let Apache and the KDC talk to DS over ldapi
+# Let Apache, bind and the KDC talk to DS over ldapi
allow httpd_t var_run_t:sock_file write;
allow httpd_t initrc_t:unix_stream_socket connectto;
allow krb5kdc_t var_run_t:sock_file write;
allow krb5kdc_t initrc_t:unix_stream_socket connectto;
+allow named_t var_run_t:sock_file write;
+allow named_t initrc_t:unix_stream_socket connectto;
# Let Apache access the NSS certificate database so it can issue certs
# See ipa_httpd.fe for the list of files that are granted write access