## <summary>OpenLDAP directory server</summary>
########################################
## <summary>
##	Read the contents of the OpenLDAP
##	database directories.
## </summary>
## <desc>
##	<p>
##	Grants r_dir_perms on directories labeled slapd_db_t.
##	The only rule is on the dir class, so no permission on the
##	files inside those directories is granted; a caller that
##	must read the database files needs a separate rule.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`ldap_list_db_dir',`
	gen_require(`
		type slapd_db_t;
		class dir r_dir_perms;
	')

	# r_dir_perms is presumably a permission-set macro declared elsewhere; confirm what it expands to.
	allow $1 slapd_db_t:dir r_dir_perms;
')
########################################
## <summary>
##	Read the OpenLDAP configuration files.
## </summary>
## <desc>
##	<p>
##	Grants getattr and read on files labeled slapd_etc_t, after
##	calling files_search_etc for the caller. No write permission
##	and no directory permission on slapd_etc_t is granted here.
##	Review note: OpenLDAP server configuration can hold bind
##	credentials, so check which files carry this label before
##	granting the interface to a new domain.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`ldap_read_config',`
	gen_require(`
		type slapd_etc_t;
		class file { getattr read };
	')

	# files_search_etc is declared outside this file; presumably it lets the caller traverse the etc directory.
	files_search_etc($1)
	allow $1 slapd_etc_t:file { getattr read };
')
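########################################
## <summary>
##	Use LDAP over TCP connection.
## </summary>
## <desc>
##	<p>
##	Allows the caller to connect to, and receive from, TCP
##	sockets labeled slapd_t, and allows slapd_t to accept from
##	and receive from the TCP sockets of the caller. No port
##	type appears in these rules, so access is decided by the
##	slapd_t label and not by port number.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`ldap_use',`
	gen_require(`
		type slapd_t;
		class tcp_socket { connectto recvfrom acceptfrom };
	')

	# Both directions are granted: caller to slapd_t, then slapd_t back to the caller.
	allow $1 slapd_t:tcp_socket { connectto recvfrom };
	allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
	# kernel_tcp_recvfrom is declared outside this file; its rules are not visible here.
	kernel_tcp_recvfrom($1)
')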