Allow munin services plugins to use NSCD services
policy_module(nslcd, 1.2.0)

########################################
#
# Declarations
#

# Confined domain for the nslcd daemon and the type of its executable.
# init_daemon_domain registers nslcd_t as a daemon domain entered from init
# when a file labelled nslcd_exec_t is executed.
type nslcd_t;
type nslcd_exec_t;
init_daemon_domain(nslcd_t, nslcd_exec_t)

# Type for the init script that starts and stops the daemon.
type nslcd_initrc_exec_t;
init_script_file(nslcd_initrc_exec_t)

# Private type for runtime state (pid file, socket) kept under the pid directory.
type nslcd_var_run_t;
files_pid_file(nslcd_var_run_t)

# Private type for the daemon configuration. A dedicated type means other
# domains need an explicit rule before they can read it.
# NOTE(review): nslcd configuration can carry LDAP bind credentials - check
# that no unrelated domain is granted read access to nslcd_conf_t elsewhere.
type nslcd_conf_t;
files_config_file(nslcd_conf_t)

########################################
#
# nslcd local policy
#

# Capabilities the daemon may use on itself.
#   setuid / setgid - change its own user and group identity
#                     (presumably to drop from root to a service account - confirm).
#   dac_override    - bypass discretionary file permission checks.
# NOTE(review): dac_override is the broadest grant in this module. Confirm it
# is still required; a file ownership or mode fix is often the narrower answer.
allow nslcd_t self:capability { dac_override setuid setgid };

# Process permissions limited to the daemon itself: adjust its own
# scheduling and send generic signals to its own processes.
allow nslcd_t self:process { signal setsched };

# Local unix stream sockets created and used by the daemon.
allow nslcd_t self:unix_stream_socket create_stream_socket_perms;

# Configuration is read-only for the daemon; it cannot rewrite its own config.
allow nslcd_t nslcd_conf_t:file read_file_perms;

# Full management of its own runtime directory, files and socket files,
# plus a type transition so files and directories it creates in the pid
# directory receive nslcd_var_run_t instead of the generic pid type.
manage_dirs_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
manage_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
files_pid_filetrans(nslcd_t, nslcd_var_run_t, { dir file })

# Read-only view of kernel and system state.
kernel_read_system_state(nslcd_t)

# Generic filesystem reads: files under etc, symlinks under usr,
# and listing (not reading) the contents of the tmp directory.
files_read_etc_files(nslcd_t)
files_read_usr_symlinks(nslcd_t)
files_list_tmp(nslcd_t)

# Name service switch access.
# NOTE(review): this module contains no explicit network rules, so any
# connectivity to the directory server presumably comes from this
# interface - confirm against its definition.
auth_use_nsswitch(nslcd_t)

# Logging through syslog.
logging_send_syslog_msg(nslcd_t)

# Locale data.
miscfiles_read_localization(nslcd_t)

# Read access to temporary files belonging to users.
# NOTE(review): the reason is not stated in this file. This exposes user
# temporary data to a root-started daemon; confirm which files are actually
# needed and whether a narrower type would do.
userdom_read_user_tmp_files(nslcd_t)