Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame refpolicy/policy/modules/services/kerberos.if

Blob History Raw

Chris PeBenito	5e1ed4	`## <summary>MIT Kerberos admin and KDC</summary>`
Chris PeBenito	5e1ed4	`## <desc>`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`## This policy supports:`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`## Servers:`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`## kadmind`
Chris PeBenito	5e1ed4	`## krb5kdc`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	65c861	`##`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`## Clients:`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	5e1ed4	`## kinit`
Chris PeBenito	5e1ed4	`## kdestroy`
Chris PeBenito	5e1ed4	`## klist`
Chris PeBenito	5e1ed4	`## ksu (incomplete)`
Chris PeBenito	5e1ed4	`##`
Chris PeBenito	65c861	`##`
Chris PeBenito	5e1ed4	`## </desc>`
Chris PeBenito	5e1ed4
Chris PeBenito	5e1ed4	`########################################`
Chris PeBenito	5e1ed4	`## <summary>`
Chris PeBenito	5e1ed4	`## Use kerberos services`
Chris PeBenito	5e1ed4	`## </summary>`
Chris PeBenito	5e1ed4	`## <param name="domain">`
Chris PeBenito	5e1ed4	`## Domain allowed access.`
Chris PeBenito	5e1ed4	`## </param>`
Chris PeBenito	5e1ed4	`#`
Chris PeBenito	5e1ed4	interface(`kerberos_use',`
Chris PeBenito	5e1ed4	gen_require(`
Chris PeBenito	5e1ed4	`type krb5_conf_t;`
Chris PeBenito	5e1ed4	`')`
Chris PeBenito	5e1ed4
Chris PeBenito	6e6156	`files_search_etc($1)`
Chris PeBenito	6e6156	`allow $1 krb5_conf_t:file { getattr read };`
Chris PeBenito	6e6156	`dontaudit $1 krb5_conf_t:file write;`
Chris PeBenito	6e6156
Chris PeBenito	5e1ed4	tunable_policy(`allow_kerberos',`
Chris PeBenito	6e6156	`allow $1 self:tcp_socket create_socket_perms;`
Chris PeBenito	6e6156	`allow $1 self:udp_socket create_socket_perms;`
Chris PeBenito	5e1ed4	`corenet_tcp_sendrecv_all_if($1)`
Chris PeBenito	5e1ed4	`corenet_udp_sendrecv_all_if($1)`
Chris PeBenito	5e1ed4	`corenet_raw_sendrecv_all_if($1)`
Chris PeBenito	5e1ed4	`corenet_tcp_sendrecv_all_nodes($1)`
Chris PeBenito	5e1ed4	`corenet_udp_sendrecv_all_nodes($1)`
Chris PeBenito	5e1ed4	`corenet_raw_sendrecv_all_nodes($1)`
Chris PeBenito	5e1ed4	`corenet_tcp_sendrecv_kerberos_port($1)`
Chris PeBenito	5e1ed4	`corenet_udp_sendrecv_kerberos_port($1)`
Chris PeBenito	5e1ed4	`corenet_tcp_bind_all_nodes($1)`
Chris PeBenito	5e1ed4	`corenet_udp_bind_all_nodes($1)`
Chris PeBenito	cff75c	`corenet_tcp_connect_kerberos_port($1)`
Chris PeBenito	5e1ed4	`sysnet_read_config($1)`
Chris PeBenito	98a8ea	`sysnet_dns_name_resolve($1)`
Chris PeBenito	5e1ed4	`')`
Chris PeBenito	5e1ed4	`')`
Chris PeBenito	5e1ed4
Chris PeBenito	5e1ed4	`########################################`
Chris PeBenito	5e1ed4	`## <summary>`
Chris PeBenito	5e1ed4	`## Read the kerberos configuration file (/etc/krb5.conf).`
Chris PeBenito	5e1ed4	`## </summary>`
Chris PeBenito	5e1ed4	`## <param name="domain">`
Chris PeBenito	5e1ed4	`## Domain allowed access.`
Chris PeBenito	5e1ed4	`## </param>`
Chris PeBenito	5e1ed4	`#`
Chris PeBenito	57a96c	interface(`kerberos_read_config',`
Chris PeBenito	5e1ed4	gen_require(`
Chris PeBenito	5e1ed4	`type krb5_conf_t;`
Chris PeBenito	5e1ed4	`')`
Chris PeBenito	5e1ed4
Chris PeBenito	5e1ed4	`files_search_etc($1)`
Chris PeBenito	5e1ed4	`allow $1 krb5_conf_t:file r_file_perms;`
Chris PeBenito	5e1ed4	`')`
Chris PeBenito	57a96c
Chris PeBenito	57a96c	`########################################`
Chris PeBenito	57a96c	`## <summary>`
Chris PeBenito	93070c	`## Do not audit attempts to write the kerberos`
Chris PeBenito	93070c	`## configuration file (/etc/krb5.conf).`
Chris PeBenito	93070c	`## </summary>`
Chris PeBenito	93070c	`## <param name="domain">`
Chris PeBenito	93070c	`## Domain to not audit.`
Chris PeBenito	93070c	`## </param>`
Chris PeBenito	93070c	`#`
Chris PeBenito	93070c	interface(`kerberos_dontaudit_write_config',`
Chris PeBenito	93070c	gen_require(`
Chris PeBenito	93070c	`type krb5_conf_t;`
Chris PeBenito	93070c	`')`
Chris PeBenito	93070c
Chris PeBenito	93070c	`dontaudit $1 krb5_conf_t:file write;`
Chris PeBenito	93070c	`')`
Chris PeBenito	93070c
Chris PeBenito	93070c	`########################################`
Chris PeBenito	93070c	`## <summary>`
Chris PeBenito	57a96c	`## Read and write the kerberos configuration file (/etc/krb5.conf).`
Chris PeBenito	57a96c	`## </summary>`
Chris PeBenito	57a96c	`## <param name="domain">`
Chris PeBenito	57a96c	`## Domain allowed access.`
Chris PeBenito	57a96c	`## </param>`
Chris PeBenito	57a96c	`#`
Chris PeBenito	57a96c	interface(`kerberos_rw_config',`
Chris PeBenito	57a96c	gen_require(`
Chris PeBenito	57a96c	`type krb5_conf_t;`
Chris PeBenito	57a96c	`')`
Chris PeBenito	57a96c
Chris PeBenito	57a96c	`files_search_etc($1)`
Chris PeBenito	57a96c	`allow $1 krb5_conf_t:file rw_file_perms;`
Chris PeBenito	57a96c	`')`
Chris PeBenito	4fd520
Chris PeBenito	4fd520	`########################################`
Chris PeBenito	4fd520	`## <summary>`
Chris PeBenito	4fd520	`## Read the kerberos key table.`
Chris PeBenito	4fd520	`## </summary>`
Chris PeBenito	4fd520	`## <param name="domain">`
Chris PeBenito	4fd520	`## Domain allowed access.`
Chris PeBenito	4fd520	`## </param>`
Chris PeBenito	4fd520	`#`
Chris PeBenito	4fd520	interface(`kerberos_read_keytab',`
Chris PeBenito	4fd520	gen_require(`
Chris PeBenito	4fd520	`type krb5_keytab_t;`
Chris PeBenito	4fd520	`')`
Chris PeBenito	4fd520
Chris PeBenito	4fd520	`files_search_etc($1)`
Chris PeBenito	4fd520	`allow $1 krb5_keytab_t:file r_file_perms;`
Chris PeBenito	4fd520	`')`

rpms / selinux-policy

Source Code

Blame refpolicy/policy/modules/services/kerberos.if