diff options
Diffstat (limited to 'policy/modules/contrib/sssd.te')
-rw-r--r-- | policy/modules/contrib/sssd.te | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/policy/modules/contrib/sssd.te b/policy/modules/contrib/sssd.te deleted file mode 100644 index 8b537aaea..000000000 --- a/policy/modules/contrib/sssd.te +++ /dev/null @@ -1,129 +0,0 @@ -policy_module(sssd, 1.1.4) - -######################################## -# -# Declarations -# - -type sssd_t; -type sssd_exec_t; -init_daemon_domain(sssd_t, sssd_exec_t) - -type sssd_initrc_exec_t; -init_script_file(sssd_initrc_exec_t) - -type sssd_conf_t; -files_config_file(sssd_conf_t) - -type sssd_public_t; -files_pid_file(sssd_public_t) - -type sssd_var_lib_t; -files_type(sssd_var_lib_t) -mls_trusted_object(sssd_var_lib_t) - -type sssd_var_log_t; -logging_log_file(sssd_var_log_t) - -type sssd_var_run_t; -files_pid_file(sssd_var_run_t) - -######################################## -# -# Local policy -# - -allow sssd_t self:capability { chown dac_read_search dac_override kill net_admin sys_nice setgid setuid sys_admin sys_resource }; -allow sssd_t self:capability2 block_suspend; -allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit }; -allow sssd_t self:fifo_file rw_fifo_file_perms; -allow sssd_t self:key manage_key_perms; -allow sssd_t self:unix_stream_socket { accept connectto listen }; - -read_files_pattern(sssd_t, sssd_conf_t, sssd_conf_t) - -manage_dirs_pattern(sssd_t, sssd_public_t, sssd_public_t) -manage_files_pattern(sssd_t, sssd_public_t, sssd_public_t) - -manage_dirs_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t) -manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t) -manage_lnk_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t) -manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t) -files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir }) - -append_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t) -create_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t) -setattr_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t) -logging_log_filetrans(sssd_t, sssd_var_log_t, file) - -manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t) -manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t) -files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir }) - -kernel_read_network_state(sssd_t) -kernel_read_system_state(sssd_t) - -corenet_all_recvfrom_unlabeled(sssd_t) -corenet_all_recvfrom_netlabel(sssd_t) -corenet_udp_sendrecv_generic_if(sssd_t) -corenet_udp_sendrecv_generic_node(sssd_t) -corenet_udp_sendrecv_all_ports(sssd_t) -corenet_udp_bind_generic_node(sssd_t) - -corenet_sendrecv_generic_server_packets(sssd_t) -corenet_udp_bind_generic_port(sssd_t) -corenet_dontaudit_udp_bind_all_ports(sssd_t) - -corecmd_exec_bin(sssd_t) - -dev_read_urand(sssd_t) -dev_read_sysfs(sssd_t) - -domain_read_all_domains_state(sssd_t) -domain_obj_id_change_exemption(sssd_t) - -files_list_tmp(sssd_t) -files_read_etc_files(sssd_t) -files_read_etc_runtime_files(sssd_t) -files_read_usr_files(sssd_t) -files_list_var_lib(sssd_t) - -fs_list_inotifyfs(sssd_t) - -selinux_validate_context(sssd_t) - -seutil_read_file_contexts(sssd_t) -# sssd wants to write /etc/selinux/<policy>/logins/ for SELinux PAM module -# seutil_rw_login_config_dirs(sssd_t) -# seutil_manage_login_config_files(sssd_t) - -mls_file_read_to_clearance(sssd_t) -mls_socket_read_to_clearance(sssd_t) -mls_socket_write_to_clearance(sssd_t) -mls_trusted_object(sssd_t) - -auth_domtrans_chk_passwd(sssd_t) -auth_domtrans_upd_passwd(sssd_t) -auth_manage_cache(sssd_t) - -init_read_utmp(sssd_t) - -logging_send_syslog_msg(sssd_t) -logging_send_audit_msgs(sssd_t) - -miscfiles_read_generic_certs(sssd_t) -miscfiles_read_localization(sssd_t) - -sysnet_dns_name_resolve(sssd_t) -sysnet_use_ldap(sssd_t) - -optional_policy(` - dbus_system_bus_client(sssd_t) - dbus_connect_system_bus(sssd_t) -') - -optional_policy(` - kerberos_read_config(sssd_t) - kerberos_manage_host_rcache(sssd_t) - kerberos_tmp_filetrans_host_rcache(sssd_t, file, "host_0") -') |