author | Sumit Bose <sbose@nb.localdomain> | 2008-10-29 15:22:48 +0100 |
---|---|---|
committer | Sumit Bose <sbose@nb.localdomain> | 2008-10-29 15:22:48 +0100 |
commit | 24afc84bf95c7381d4130562a1d3c483450a7b35 (patch) | |
tree | 752f1d2ea574a50467b8ccdc3a4cbbb452bf34e7 | |
parent | 3ef36ce787eaf4783620cba0d4b0e99d9ace510e (diff) | |
added pam_selinux_roles
-rw-r--r-- | pam_selinux_roles/pam_selinux_roles.rng | 65 | ||||
-rw-r--r-- | pam_selinux_roles/pam_selinux_roles_example_policy.xml | 54 |
2 files changed, 119 insertions, 0 deletions
diff --git a/pam_selinux_roles/pam_selinux_roles.rng b/pam_selinux_roles/pam_selinux_roles.rng
new file mode 100644
index 0000000..d72ee06
--- /dev/null
+++ b/pam_selinux_roles/pam_selinux_roles.rng
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<grammar ns="http://freeipa.org/xml/rng/pam_selinux_roles/1.0"
+xmlns="http://relaxng.org/ns/structure/1.0"
+datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0"
+xmlns:s="http://purl.oclc.org/dsdl/schematron"
+xmlns:pa="http://freeipa.org/xml/rng/ns/plugable_architecture/1.0">
+
+ <a:documentation>Role definitions for pam_selinux</a:documentation>
+
+ <a:documentation>The following section can be used to register the RNG schema file for the UI</a:documentation>
+ <a:name>pam_selinux_roles</a:name>
+ <a:description>set pam_selinux roles</a:description>
+ <a:author>sbose@redhat.com</a:author>
+ <a:version>0.1</a:version>
+
+ <define name="rng_filename"><value>pam_selinux_roles.rng</value></define>
+ <define name="xslt_filename"><value>pam_selinux_roles.xslt</value></define>
+ <define name="application_name"><value>pam_selinux_roles</value></define>
+ <include href="policy_metadata.rng"/>
+
+ <start ns="http://freeipa.org/xml/rng/pam_selinux_roles/1.0">
+ <element name="ipa">
+
+ <ref name="policy_metadata"/>
+
+ <element name="iparole">
+ <oneOrMore>
+ <element name="role">
+ <element name="name">
+ <text/>
+ </element>
+ <element name="default_context">
+ <element name="selinux_user">
+ <text/>
+ </element>
+ <optional>
+ <element name="mls">
+ <text/>
+ </element>
+ </optional>
+ </element>
+ <zeroOrMore>
+ <element name="context">
+ <oneOrMore>
+ <element name="service">
+ <text/>
+ </element>
+ </oneOrMore>
+ <element name="selinux_user">
+ <text/>
+ </element>
+ <optional>
+ <element name="mls">
+ <text/>
+ </element>
+ </optional>
+ </element>
+ </zeroOrMore>
+ </element> <!-- role -->
+ </oneOrMore>
+ </element> <!-- iparole -->
+ </element> <!-- ipa -->
+ </start>
+</grammar>
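Review bot: The `selinux_user`, `mls`, `service` and role `name` elements are all declared as bare `<text/>`, so the schema accepts empty strings, embedded whitespace or newlines, and arbitrary characters in values that appear destined to become SELinux security-context fields. The grammar already declares the XSD `datatypeLibrary`, so these could be constrained at validation time, for example with something like `<data type="token"><param name="pattern">[a-zA-Z_][a-zA-Z0-9_.]*</param></data>` for `selinux_user` (the exact pattern is illustrative), plus a matching pattern for the MLS range and for `service`. pam_selinux_roles.xslt is not part of this commit, so how the values are emitted is inferred; if it copies them verbatim into generated configuration, this schema is the only place a malformed label gets rejected. An `<a:documentation>` on `default_context` and `context` stating which one applies when a service matches would also help policy authors.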
diff --git a/pam_selinux_roles/pam_selinux_roles_example_policy.xml b/pam_selinux_roles/pam_selinux_roles_example_policy.xml
new file mode 100644
index 0000000..a2b341d
--- /dev/null
+++ b/pam_selinux_roles/pam_selinux_roles_example_policy.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ipa xmlns="http://freeipa.org/xml/rng/pam_selinux_roles/1.0">
+ <metadata>
+ <name>simple selinux_roles example</name>
+ <author>sbose@redhat.com</author>
+ <version>0.7071</version>
+ <RNGfile>pam_selinux_roles.rng</RNGfile>
+ <XSLTfile>pam_selinux_roles.xslt</XSLTfile>
+ <app>pam_selinux_roles</app>
+ </metadata>
+
+ <iparole>
+ <role>
+ <name>guest</name>
+ <default_context>
+ <selinux_user>guest_u</selinux_user>
+ <mls>S0</mls>
+ </default_context>
+ </role>
+
+ <role>
+ <name>user</name>
+ <default_context>
+ <selinux_user>guest_u</selinux_user>
+ <mls>S0</mls>
+ </default_context>
+ <context>
+ <service>ssh</service>
+ <service>console</service>
+ <selinux_user>user_u</selinux_user>
+ <mls>S0</mls>
+ </context>
+ </role>
+
+ <role>
+ <name>admin</name>
+ <default_context>
+ <selinux_user>guest_u</selinux_user>
+ <mls>S0</mls>
+ </default_context>
+ <context>
+ <service>ssh</service>
+ <selinux_user>staff_u</selinux_user>
+ <mls>S0</mls>
+ </context>
+ <context>
+ <service>console</service>
+ <selinux_user>staff_u</selinux_user>
+ <mls>S0-S15</mls>
+ </context>
+ </role>
+ </iparole>
+
+</ipa> |
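Review bot: The `<mls>` values in this example use an uppercase sensitivity (`S0`, `S0-S15`), but SELinux identifiers are case-sensitive and the reference policy names its sensitivities `s0` through `s15`. Unless the consumer normalises case, a context built from these values would likely be rejected on a stock policy. I would write `<mls>s0</mls>` and `<mls>s0-s15</mls>` so the example can be copied as-is. A leading comment would also make the least-privilege intent explicit, since every role falls back to `guest_u` and is raised only for the listed services, e.g. `<!-- default_context applies to any service not listed in a <context> -->`. That precedence is my reading of the schema, not something either file states.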