/usr/lib/dirsrv/cgi-bin/ds_create -- gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)
/usr/lib/dirsrv/cgi-bin/ds_remove -- gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)
+
+/var/lock/subsys/dirsrv -- gen_context(system_u:object_r:dirsrvadmin_lock_t,s0)
type dirsrvadmin_config_t;
files_type(dirsrvadmin_config_t)
+type dirsrvadmin_lock_t;
+files_lock_file(dirsrvadmin_lock_t)
+
type dirsrvadmin_tmp_t;
files_tmp_file(dirsrvadmin_tmp_t)
allow httpd_dirsrvadmin_script_t self:netlink_route_socket r_netlink_socket_perms;
allow httpd_dirsrvadmin_script_t self:sem create_sem_perms;
+
+ manage_files_pattern(httpd_dirsrvadmin_script_t_t, dirsrvadmin_lock_t, dirsrvadmin_lock_t)
+ files_lock_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_lock_t, { file })
+
kernel_read_kernel_sysctls(httpd_dirsrvadmin_script_t)
corenet_all_recvfrom_unlabeled(httpd_dirsrvadmin_script_t)