summaryrefslogtreecommitdiffstats
path: root/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'selinux')
-rw-r--r--selinux/Makefile5
-rw-r--r--selinux/ipa-server-selinux.spec.in5
-rw-r--r--selinux/ipa_kpasswd/ipa_kpasswd.fc9
-rw-r--r--selinux/ipa_kpasswd/ipa_kpasswd.te80
4 files changed, 4 insertions, 95 deletions
diff --git a/selinux/Makefile b/selinux/Makefile
index 62b7bf7ed..9e87bdd8f 100644
--- a/selinux/Makefile
+++ b/selinux/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = ipa_kpasswd ipa_httpd ipa_dogtag
+SUBDIRS = ipa_httpd ipa_dogtag
POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile
POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted
@@ -21,9 +21,8 @@ maintainer-clean: distclean
install: all
install -d $(POLICY_DIR)
- install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR)
install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR)
install -m 644 ipa_dogtag/ipa_dogtag.pp $(POLICY_DIR)
load:
- /usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp
+ /usr/sbin/semodule -i ipa_httpd/ipa_httpd.pp
diff --git a/selinux/ipa-server-selinux.spec.in b/selinux/ipa-server-selinux.spec.in
index 3387553ab..b3c7d89cf 100644
--- a/selinux/ipa-server-selinux.spec.in
+++ b/selinux/ipa-server-selinux.spec.in
@@ -36,7 +36,6 @@ make DESTDIR=%{buildroot} install
%files
%{_usr}/share/selinux/targeted/ipa_webgui.pp
-%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
%define saveFileContext() \
@@ -61,7 +60,7 @@ fi;
%saveFileContext targeted
%post
-semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp /usr/share/selinux/targeted/ipa_kpasswd.pp
+semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp
%relabel targeted
%preun
@@ -71,7 +70,7 @@ fi
%postun
if [ $1 = 0 ]; then
-semodule -s targeted -r ipa_webgui ipa_kpasswd
+semodule -s targeted -r ipa_webgui
%relabel targeted
fi
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.fc b/selinux/ipa_kpasswd/ipa_kpasswd.fc
deleted file mode 100644
index 2dcf827dd..000000000
--- a/selinux/ipa_kpasswd/ipa_kpasswd.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# /usr
-#
-/usr/sbin/ipa_kpasswd -- gen_context(system_u:object_r:ipa_kpasswd_exec_t,s0)
-
-#
-# /var
-#
-/var/cache/ipa/kpasswd(/.*)? gen_context(system_u:object_r:ipa_kpasswd_ccache_t,s0)
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
deleted file mode 100644
index 292be7b89..000000000
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ /dev/null
@@ -1,80 +0,0 @@
-policy_module(ipa_kpasswd, 1.0)
-
-########################################
-#
-# Declarations
-#
-
-type ipa_kpasswd_t;
-type ipa_kpasswd_exec_t;
-type ipa_kpasswd_var_run_t;
-type ipa_kpasswd_ccache_t;
-init_daemon_domain(ipa_kpasswd_t, ipa_kpasswd_exec_t)
-
-########################################
-#
-# IPA kpasswd local policy
-#
-
-allow ipa_kpasswd_t self:capability { sys_nice dac_override };
-allow ipa_kpasswd_t self:tcp_socket create_stream_socket_perms;
-allow ipa_kpasswd_t self:udp_socket create_socket_perms;
-
-files_read_etc_files(ipa_kpasswd_t)
-files_search_usr(ipa_kpasswd_t)
-
-files_pid_file(ipa_kpasswd_var_run_t);
-allow ipa_kpasswd_t ipa_kpasswd_var_run_t:file manage_file_perms;
-files_pid_filetrans(ipa_kpasswd_t,ipa_kpasswd_var_run_t,file)
-
-auth_use_nsswitch(ipa_kpasswd_t)
-
-libs_use_ld_so(ipa_kpasswd_t)
-libs_use_shared_libs(ipa_kpasswd_t)
-
-logging_send_syslog_msg(ipa_kpasswd_t)
-
-miscfiles_read_localization(ipa_kpasswd_t)
-
-kerberos_use(ipa_kpasswd_t)
-kerberos_manage_host_rcache(ipa_kpasswd_t)
-kerberos_read_kdc_config(ipa_kpasswd_t)
-
-kernel_read_system_state(ipa_kpasswd_t)
-
-# /var/cache/ipa/kpasswd
-files_type(ipa_kpasswd_ccache_t)
-manage_dirs_pattern(ipa_kpasswd_t, ipa_kpasswd_ccache_t, ipa_kpasswd_ccache_t)
-manage_files_pattern(ipa_kpasswd_t, ipa_kpasswd_ccache_t, ipa_kpasswd_ccache_t)
-files_var_filetrans(ipa_kpasswd_t, ipa_kpasswd_ccache_t,dir)
-
-kernel_read_network_state(ipa_kpasswd_t)
-kernel_read_network_state_symlinks(ipa_kpasswd_t)
-
-corenet_tcp_sendrecv_all_if(ipa_kpasswd_t)
-corenet_udp_sendrecv_all_if(ipa_kpasswd_t)
-corenet_raw_sendrecv_all_if(ipa_kpasswd_t)
-corenet_tcp_sendrecv_all_nodes(ipa_kpasswd_t)
-corenet_udp_sendrecv_all_nodes(ipa_kpasswd_t)
-corenet_raw_sendrecv_all_nodes(ipa_kpasswd_t)
-corenet_tcp_sendrecv_all_ports(ipa_kpasswd_t)
-corenet_udp_sendrecv_all_ports(ipa_kpasswd_t)
-corenet_non_ipsec_sendrecv(ipa_kpasswd_t)
-corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
-corenet_udp_bind_all_nodes(ipa_kpasswd_t)
-corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
-corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
-require {
- type krb5kdc_conf_t;
-};
-
-allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
-
-optional_policy(`
- gen_require(`
- type kerberos_password_port_t;
- ')
- corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t)
- corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
-')
-