Diffstat (limited to 'selinux')
-rw-r--r--selinux/ipa_httpd/ipa_httpd.te6
1 files changed, 6 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index a13ebc128..9d5a46d0e 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -3,9 +3,12 @@ module ipa_httpd 1.0;
require {
type pki_ca_var_lib_t;
type httpd_t;
+ type initrc_t;
class lnk_file { read getattr };
class dir { read search open getattr };
class file { getattr read open execute };
+ class sock_file { write };
+ class unix_stream_socket connectto;
}
# Let Apache read the directories within the certificate authority
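Review bot: The require block gains `type initrc_t;` but not `var_run_t`, which the new rule `allow httpd_t var_run_t:sock_file { write };` in the second hunk uses. As shown here the block declares only pki_ca_var_lib_t, httpd_t and initrc_t. A module that references a type it has not required normally fails to compile under checkmodule, so add `type var_run_t;` next to the other type lines. The closing brace is inside the hunk, so no declaration is hidden further down the block.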
@@ -14,3 +17,6 @@ allow httpd_t pki_ca_var_lib_t:dir { read search open getattr };
allow httpd_t pki_ca_var_lib_t:file { read getattr open };
allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr };
+# Let Apache talk to DS over ldapi
+allow httpd_t var_run_t:sock_file { write };
+allow httpd_t initrc_t:unix_stream_socket connectto;
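Review bot: Both new allow rules target generic types rather than anything specific to the directory server. `var_run_t:sock_file` covers any socket left with the default /var/run label, and `initrc_t` is the domain of any init-started service that has no policy of its own. The grant therefore lets httpd_t write to and connect to unrelated local sockets as well as ldapi, which widens what a compromised Apache process can reach. If the DS socket and daemon can be given dedicated types, scope the rules to those. Otherwise record the reason in the comment, for example `# DS has no domain of its own yet (runs as initrc_t, socket is var_run_t); narrow these once it does`.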