ipa_kpasswd: Update selinux policies for ldap and urandom

Fixes: https://fedorahosted.org/freeipa/ticket/2160
author: Evgeny Sinelnikov <sin@altlinux.ru> 2011-12-03 09:44:38 +0400
committer: Rob Crittenden <rcritten@redhat.com> 2011-12-04 17:25:50 -0500
commit: 89d9ad428cf48a3aac55173ecf074e0a234a5ee5 (patch)
tree: 53ced649ec4844f5dc9926570ff9a47adbce0371
parent: 455ce3c67e04bb7d0aa17c961f426ba4e073af84 (diff)
download: freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.tar.gz
freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.tar.xz
freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
index 292be7b8..eefb70bc 100644
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -64,6 +64,7 @@ corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
 corenet_udp_bind_all_nodes(ipa_kpasswd_t)
 corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
 corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
+corenet_tcp_connect_ldap_port(ipa_kpasswd_t)
 require {
 	type krb5kdc_conf_t; 
 };
@@ -78,3 +79,8 @@ optional_policy(`
     corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
 ')
 
+require {
+    type urandom_device_t;
+}
+
+allow ipa_kpasswd_t urandom_device_t:chr_file { open read getattr };
author	Evgeny Sinelnikov <sin@altlinux.ru>	2011-12-03 09:44:38 +0400
committer	Rob Crittenden <rcritten@redhat.com>	2011-12-04 17:25:50 -0500
commit	89d9ad428cf48a3aac55173ecf074e0a234a5ee5 (patch)
tree	53ced649ec4844f5dc9926570ff9a47adbce0371
parent	455ce3c67e04bb7d0aa17c961f426ba4e073af84 (diff)
download	freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.tar.gz freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.tar.xz freeipa.git-89d9ad428cf48a3aac55173ecf074e0a234a5ee5.zip