diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if index 8508977..3563980 100644 --- a/policy/modules/services/nslcd.if +++ b/policy/modules/services/nslcd.if @@ -76,7 +76,7 @@ interface(`nslcd_stream_connect',` ######################################## ## -## All of the rules required to administrate +## All of the rules required to administrate ## an nslcd environment ## ## @@ -94,6 +94,7 @@ interface(`nslcd_stream_connect',` interface(`nslcd_admin',` gen_require(` type nslcd_t, nslcd_initrc_exec_t; + type nslcd_conf_t, nslcd_var_run_t; ') ps_process_pattern($1, nslcd_t) @@ -105,5 +106,9 @@ interface(`nslcd_admin',` role_transition $2 nslcd_initrc_exec_t system_r; allow $2 system_r; - allow $1 nslcd_conf_t:file read_file_perms; + manage_files_pattern($1, nslcd_conf_t, nslcd_conf_t) + + manage_dirs_pattern($1, nslcd_var_run_t, nslcd_var_run_t) + manage_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t) + manage_lnk_files_pattern($1, nslcd_var_run_t, nslcd_var_run_t) ') diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te index e93e1df..6d2794c 100644 --- a/policy/modules/services/nslcd.te +++ b/policy/modules/services/nslcd.te @@ -1,5 +1,5 @@ -policy_module(nslcd, 1.0.0) +policy_module(nslcd, 1.0.1) ######################################## #
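Review bot: In the last nslcd.if hunk, `manage_files_pattern($1, nslcd_conf_t, nslcd_conf_t)` and the three `nslcd_var_run_t` patterns grant directory permissions only on directories that carry those same types, so nothing visible lets `$1` search the parent directories to reach them. If the configuration file and runtime directory are labelled under /etc and /var/run (the file contexts are not on this page), add `files_search_etc($1)` before the conf rule and `files_search_pids($1)` before the var_run rules. The change also widens every caller of `nslcd_admin` from read-only to create/write/unlink on `nslcd_conf_t`, which presumably holds the LDAP bind credential, so a comment such as `# admin may modify nslcd configuration, which can contain bind credentials` would make that intent explicit. The middle of `nslcd_admin` lies between the second and third hunks and is not shown, so confirm the search rules are not already there.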