1 |
commit: 51e8feedcd1d053ef5f7ad33e03b0268ccd12ddf |
2 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
3 |
AuthorDate: Mon Oct 29 09:07:44 2012 +0000 |
4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
5 |
CommitDate: Mon Oct 29 14:48:35 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=51e8feed |
7 |
|
8 |
Changes to the sssd policy module |
9 |
|
10 |
Ported from Fedora with changes |
11 |
|
12 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
13 |
|
14 |
--- |
15 |
policy/modules/contrib/sssd.if | 4 ++-- |
16 |
policy/modules/contrib/sssd.te | 4 +++- |
17 |
2 files changed, 5 insertions(+), 3 deletions(-) |
18 |
|
19 |
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if |
20 |
index 4377175..9504d77 100644 |
21 |
--- a/policy/modules/contrib/sssd.if |
22 |
+++ b/policy/modules/contrib/sssd.if |
23 |
@@ -156,7 +156,7 @@ interface(`sssd_manage_public_files',` |
24 |
|
25 |
######################################## |
26 |
## <summary> |
27 |
-## Read sssd PID files. |
28 |
+## Read sssd pid files. |
29 |
## </summary> |
30 |
## <param name="domain"> |
31 |
## <summary> |
32 |
@@ -176,7 +176,7 @@ interface(`sssd_read_pid_files',` |
33 |
######################################## |
34 |
## <summary> |
35 |
## Create, read, write, and delete |
36 |
-## sssd var_run content. |
37 |
+## sssd pid content. |
38 |
## </summary> |
39 |
## <param name="domain"> |
40 |
## <summary> |
41 |
|
42 |
diff --git a/policy/modules/contrib/sssd.te b/policy/modules/contrib/sssd.te |
43 |
index 0a4b8d3..ff8d522 100644 |
44 |
--- a/policy/modules/contrib/sssd.te |
45 |
+++ b/policy/modules/contrib/sssd.te |
46 |
@@ -1,4 +1,4 @@ |
47 |
-policy_module(sssd, 1.1.2) |
48 |
+policy_module(sssd, 1.1.3) |
49 |
|
50 |
######################################## |
51 |
# |
52 |
@@ -112,6 +112,7 @@ logging_send_syslog_msg(sssd_t) |
53 |
logging_send_audit_msgs(sssd_t) |
54 |
|
55 |
miscfiles_read_generic_certs(sssd_t) |
56 |
+miscfiles_read_localization(sssd_t) |
57 |
|
58 |
sysnet_dns_name_resolve(sssd_t) |
59 |
sysnet_use_ldap(sssd_t) |
60 |
@@ -122,6 +123,7 @@ optional_policy(` |
61 |
') |
62 |
|
63 |
optional_policy(` |
64 |
+ kerberos_read_config(sssd_t) |
65 |
kerberos_manage_host_rcache(sssd_t) |
66 |
kerberos_tmp_filetrans_host_rcache(sssd_t, file, "host_0") |
67 |
') |