Add httpd_can_connect_ldap() interface

author Miroslav Grepl <mgrepl@redhat.com>

Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te

index 2ef8fefb269027215a8cdc84a7f0acbecdfb688e..6b7400b03a433782a8dd953c474d1f1a31545cf4 100644 (file)
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -143,6 +143,13 @@ gen_tunable(httpd_enable_ftp_server, false)
  ## </desc>
  gen_tunable(httpd_can_connect_ftp, false)
  
+## <desc>
+##  <p>
+##  Allow httpd to connect to the ldap port 
+##  </p>
+## </desc>
+gen_tunable(httpd_can_connect_ldap, false)
+
  ## <desc>
  ##     <p>
  ##     Allow httpd to read home directories
@@ -641,6 +648,10 @@ tunable_policy(`httpd_can_connect_ftp',`
         corenet_tcp_connect_all_ephemeral_ports(httpd_t)
  ')
  
+tunable_policy(`httpd_can_connect_ldap',`
+    corenet_tcp_connect_ldap_port(httpd_t)
+')
+
  tunable_policy(`httpd_enable_ftp_server',`
         corenet_tcp_bind_ftp_port(httpd_t)
         corenet_tcp_bind_all_ephemeral_ports(httpd_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)