]>
Commit | Line | Data |
---|---|---|
f33561f5 | 1 | ## <summary>SASL authentication server</summary> |
ea557a85 CP |
2 | |
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Connect to SASL. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
885b83ec | 8 | ## <summary> |
ea557a85 | 9 | ## Domain allowed access. |
885b83ec | 10 | ## </summary> |
ea557a85 CP |
11 | ## </param> |
12 | # | |
13 | interface(`sasl_connect',` | |
14 | gen_require(` | |
15 | type saslauthd_t, saslauthd_var_run_t; | |
16 | ') | |
17 | ||
18 | files_search_pids($1) | |
0bfccda4 | 19 | stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t) |
ea557a85 | 20 | ') |
7a5e2d8a CP |
21 | |
22 | ######################################## | |
23 | ## <summary> | |
24 | ## All of the rules required to administrate | |
25 | ## an sasl environment | |
26 | ## </summary> | |
27 | ## <param name="domain"> | |
28 | ## <summary> | |
29 | ## Domain allowed access. | |
30 | ## </summary> | |
31 | ## </param> | |
aa7c463e CP |
32 | ## <param name="role"> |
33 | ## <summary> | |
34 | ## Role allowed access. | |
35 | ## </summary> | |
36 | ## </param> | |
7a5e2d8a CP |
37 | ## <rolecap/> |
38 | # | |
39 | interface(`sasl_admin',` | |
40 | gen_require(` | |
479adb16 | 41 | type saslauthd_t, saslauthd_var_run_t; |
06099da6 | 42 | type saslauthd_initrc_exec_t; |
7a5e2d8a CP |
43 | ') |
44 | ||
995bdbb1 | 45 | allow $1 saslauthd_t:process signal_perms; |
b34db7a8 | 46 | ps_process_pattern($1, saslauthd_t) |
995bdbb1 | 47 | tunable_policy(`deny_ptrace',`',` |
48 | allow $1 saslauthd_t:process ptrace; | |
49 | ') | |
06099da6 CP |
50 | |
51 | init_labeled_script_domtrans($1, saslauthd_initrc_exec_t) | |
52 | domain_system_change_exemption($1) | |
53 | role_transition $2 saslauthd_initrc_exec_t system_r; | |
54 | allow $2 system_r; | |
55 | ||
7a5e2d8a | 56 | files_list_pids($1) |
06099da6 | 57 | admin_pattern($1, saslauthd_var_run_t) |
7a5e2d8a | 58 | ') |