diff options
Diffstat (limited to 'policy/modules/contrib/nslcd.te')
-rw-r--r-- | policy/modules/contrib/nslcd.te | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/policy/modules/contrib/nslcd.te b/policy/modules/contrib/nslcd.te new file mode 100644 index 00000000..4e28d582 --- /dev/null +++ b/policy/modules/contrib/nslcd.te @@ -0,0 +1,45 @@ +policy_module(nslcd, 1.2.0) + +######################################## +# +# Declarations +# + +type nslcd_t; +type nslcd_exec_t; +init_daemon_domain(nslcd_t, nslcd_exec_t) + +type nslcd_initrc_exec_t; +init_script_file(nslcd_initrc_exec_t) + +type nslcd_var_run_t; +files_pid_file(nslcd_var_run_t) + +type nslcd_conf_t; +files_type(nslcd_conf_t) + +######################################## +# +# nslcd local policy +# + +allow nslcd_t self:capability { setgid setuid dac_override }; +allow nslcd_t self:process signal; +allow nslcd_t self:unix_stream_socket create_stream_socket_perms; + +allow nslcd_t nslcd_conf_t:file read_file_perms; + +manage_dirs_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t) +manage_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t) +manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t) +files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir }) + +kernel_read_system_state(nslcd_t) + +files_read_etc_files(nslcd_t) + +auth_use_nsswitch(nslcd_t) + +logging_send_syslog_msg(nslcd_t) + +miscfiles_read_localization(nslcd_t) |