blob: 64525ba99ad2c455941a937d77ea5cc1af6c68d0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
module ipa_httpd 1.2;
require {
type httpd_t;
type named_t;
type initrc_t;
type var_run_t;
type krb5kdc_t;
type cert_t;
type dirsrv_t;
class sock_file write;
class unix_stream_socket connectto;
class file write;
}
# Let Apache, bind and the KDC talk to DS over ldapi
allow httpd_t var_run_t:sock_file write;
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t dirsrv_t:unix_stream_socket connectto;
allow krb5kdc_t var_run_t:sock_file write;
allow krb5kdc_t initrc_t:unix_stream_socket connectto;
allow named_t var_run_t:sock_file write;
allow named_t initrc_t:unix_stream_socket connectto;
# Let Apache access the NSS certificate database so it can issue certs
# See ipa_httpd.fe for the list of files that are granted write access
allow httpd_t cert_t:file write;
|
