SELinux policy change for LDAPI

We need to allow ns-slapd to manage the ldapi socket in the dirsrv SELinux policy. This patch adds the proper rules.
author: Nathan Kinder <nkinder@redhat.com> 2009-09-10 08:35:22 -0700
committer: Nathan Kinder <nkinder@redhat.com> 2009-09-10 08:35:22 -0700
commit: 0dedc61d90e84e15dad2d9ade77bc5503f6e4b62 (patch)
tree: ef3d564733e0ee6847e3e4ce41bd89da22197ddf /selinux
parent: 39869a77cbeb1967acfa1354092c81d05dd79be7 (diff)
download: ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.tar.gz
ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.tar.xz
ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index ea103557..872e42fe 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -88,12 +88,15 @@ logging_log_filetrans(dirsrv_t,dirsrv_var_log_t,{ sock_file file dir })
 
 # pid files
 manage_files_pattern(dirsrv_t, dirsrv_var_run_t, dirsrv_var_run_t)
-files_pid_filetrans(dirsrv_t,dirsrv_var_run_t, { file sock_file })
+files_pid_filetrans(dirsrv_t, dirsrv_var_run_t, { file sock_file })
+
+# ldapi socket
+manage_sock_files_pattern(dirsrv_t, dirsrv_var_run_t, dirsrv_var_run_t)
 
 #lock files
 manage_files_pattern(dirsrv_t, dirsrv_var_lock_t, dirsrv_var_lock_t)
 manage_dirs_pattern(dirsrv_t, dirsrv_var_lock_t, dirsrv_var_lock_t)
-files_lock_filetrans(dirsrv_t,dirsrv_var_lock_t, { file })
+files_lock_filetrans(dirsrv_t, dirsrv_var_lock_t, { file })
 
 # config files
 manage_files_pattern(dirsrv_t, dirsrv_config_t, dirsrv_config_t)
author	Nathan Kinder <nkinder@redhat.com>	2009-09-10 08:35:22 -0700
committer	Nathan Kinder <nkinder@redhat.com>	2009-09-10 08:35:22 -0700
commit	0dedc61d90e84e15dad2d9ade77bc5503f6e4b62 (patch)
tree	ef3d564733e0ee6847e3e4ce41bd89da22197ddf /selinux
parent	39869a77cbeb1967acfa1354092c81d05dd79be7 (diff)
download	ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.tar.gz ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.tar.xz ds-0dedc61d90e84e15dad2d9ade77bc5503f6e4b62.zip