IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add permissions for named to communicate over ldapi

Browse Source
This commit is contained in:
Rob Crittenden 2010-01-27 14:51:53 -05:00
parent e672510c06
commit ececb849d2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
selinux/ipa_httpd/ipa_httpd.te
View File

@ -2,6 +2,7 @@ module ipa_httpd 1.2;
require {
type httpd_t;
type named_t;
type initrc_t;
type var_run_t;
type krb5kdc_t;
@ -11,11 +12,13 @@ require {
class file write;
}
# Let Apache and the KDC talk to DS over ldapi
# Let Apache, bind and the KDC talk to DS over ldapi
allow httpd_t var_run_t:sock_file write;
allow httpd_t initrc_t:unix_stream_socket connectto;
allow krb5kdc_t var_run_t:sock_file write;
allow krb5kdc_t initrc_t:unix_stream_socket connectto;
allow named_t var_run_t:sock_file write;
allow named_t initrc_t:unix_stream_socket connectto;
# Let Apache access the NSS certificate database so it can issue certs
# See ipa_httpd.fe for the list of files that are granted write access