author | Rob Crittenden <rcritten@redhat.com> | 2009-08-28 13:10:41 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-09-10 11:40:55 -0400 |
commit | a269df542099e14b16249473857d3067a6da1d41 (patch) | |
tree | 377453b3e99a72757b9e2ed9bbcf8d80f604d04e /selinux/ipa_httpd | |
parent | b80e773c1d0139b5da6fcd7a25238dc05f49d83c (diff) | |
download | freeipa-a269df542099e14b16249473857d3067a6da1d41.tar.gz freeipa-a269df542099e14b16249473857d3067a6da1d41.tar.xz freeipa-a269df542099e14b16249473857d3067a6da1d41.zip |
Allow httpd to read unix sockets so it can communicate to DS over ldapi
Diffstat (limited to 'selinux/ipa_httpd')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index a13ebc128..9d5a46d0e 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -3,9 +3,12 @@ module ipa_httpd 1.0;
 require {
 type pki_ca_var_lib_t;
 type httpd_t;
+ type initrc_t;
 class lnk_file { read getattr };
 class dir { read search open getattr };
 class file { getattr read open execute };
+ class sock_file { write };
+ class unix_stream_socket connectto;
 }
 
 # Let Apache read the directories within the certificate authority
@@ -14,3 +17,6 @@ allow httpd_t pki_ca_var_lib_t:dir { read search open getattr };
 allow httpd_t pki_ca_var_lib_t:file { read getattr open };
 allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr };
 
+# Let Apache talk to DS over ldapi
+allow httpd_t var_run_t:sock_file { write };
+allow httpd_t initrc_t:unix_stream_socket connectto;
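Review bot: The require block gains `type initrc_t;` but no `type var_run_t;`, although the new rule `allow httpd_t var_run_t:sock_file { write };` in the second hunk uses that type. The whole require block is visible in this hunk and does not declare var_run_t, so the module would presumably fail to compile or load with an unknown-type error. Add `type var_run_t;` next to the other type lines.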
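Review bot: Both new allow rules at the end of the file are keyed to generic types rather than to the directory server. `var_run_t:sock_file { write }` covers any socket file carrying the default /var/run label, and `initrc_t:unix_stream_socket connectto` covers every daemon started from an init script without a domain of its own. That is wider than the single ldapi socket the comment names, so the httpd confinement no longer separates Apache from unrelated local services that happen to share those labels. If DS and its socket can be given dedicated types, key the rules to those. Otherwise record the reason in the comment, e.g. `# DS currently runs as initrc_t with its ldapi socket labelled var_run_t; narrow once DS has its own domain` (the labelling is inferred from the rules, not shown in the diff).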