From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 15 Dec 2011 17:38:21 +0000 (+0000)
Subject: Add httpd_can_connect_ldap() interface
X-Git-Tag: 000~15^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6155fb6c262b7a9463013357b3959c6eb1e40b5;p=people%2Fstevee%2Fselinux-policy.git

Add httpd_can_connect_ldap() interface
---

diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 2ef8fefb..6b7400b0 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -143,6 +143,13 @@ gen_tunable(httpd_enable_ftp_server, false)
 ## </desc>
 gen_tunable(httpd_can_connect_ftp, false)
 
+## <desc>
+##  <p>
+##  Allow httpd to connect to the ldap port 
+##  </p>
+## </desc>
+gen_tunable(httpd_can_connect_ldap, false)
+
 ## <desc>
 ##	<p>
 ##	Allow httpd to read home directories
@@ -641,6 +648,10 @@ tunable_policy(`httpd_can_connect_ftp',`
 	corenet_tcp_connect_all_ephemeral_ports(httpd_t)
 ')
 
+tunable_policy(`httpd_can_connect_ldap',`
+    corenet_tcp_connect_ldap_port(httpd_t)
+')
+
 tunable_policy(`httpd_enable_ftp_server',`
 	corenet_tcp_bind_ftp_port(httpd_t)
 	corenet_tcp_bind_all_ephemeral_ports(httpd_t)