IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow httpd to read unix sockets so it can communicate to DS over ldapi

Browse Source
This commit is contained in:
Rob Crittenden 2009-08-28 13:10:41 -04:00
parent b80e773c1d
commit a269df5420
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
selinux/ipa_httpd/ipa_httpd.te
View File

@ -3,9 +3,12 @@ module ipa_httpd 1.0;
require { require {
type pki_ca_var_lib_t; type pki_ca_var_lib_t;
type httpd_t; type httpd_t;
type initrc_t;
class lnk_file { read getattr }; class lnk_file { read getattr };
class dir { read search open getattr }; class dir { read search open getattr };
class file { getattr read open execute }; class file { getattr read open execute };
class sock_file { write };
class unix_stream_socket connectto;
} }
# Let Apache read the directories within the certificate authority # Let Apache read the directories within the certificate authority
@ -14,3 +17,6 @@ allow httpd_t pki_ca_var_lib_t:dir { read search open getattr };
allow httpd_t pki_ca_var_lib_t:file { read getattr open }; allow httpd_t pki_ca_var_lib_t:file { read getattr open };
allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr }; allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr };
# Let Apache talk to DS over ldapi
allow httpd_t var_run_t:sock_file { write };
allow httpd_t initrc_t:unix_stream_socket connectto;