[refpolicy] [PATCH 1/3] kerberos: Introduce kerberos_filetrans_named_content interface

Jason Zaman jason at perfinion.com
Tue Oct 31 05:37:56 UTC 2017


---
 kerberos.if | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/kerberos.if b/kerberos.if
index c8c5a37..8b46c1b 100644
--- a/kerberos.if
+++ b/kerberos.if
@@ -425,6 +425,41 @@ interface(`kerberos_connect_524',`
 
 ########################################
 ## <summary>
+##	Transition to kerberos named content
+## </summary>
+## <param name="domain">
+##	<summary>
+##      Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kerberos_filetrans_named_content',`
+	gen_require(`
+		type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
+		type krb5kdc_principal_t;
+	')
+
+	files_etc_filetrans($1, krb5_conf_t, file, "krb5.conf")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5_keytab_t, file, "kadm5.keytab")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal0")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal1")
+
+	kerberos_etc_filetrans_keytab($1, file, "krb5.keytab")
+
+	kerberos_tmp_filetrans_host_rcache($1, file, "DNS_25")
+	kerberos_tmp_filetrans_host_rcache($1, file, "host_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_23")
+	kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_48")
+	kerberos_tmp_filetrans_host_rcache($1, file, "imap_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "nfs_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldapmap1_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldap_487")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldap_55")
+')
+
+########################################
+## <summary>
 ##	All of the rules required to
 ##	administrate an kerberos environment.
 ## </summary>
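Review bot: The nine `kerberos_tmp_filetrans_host_rcache` calls hard-code replay-cache names whose numeric suffix looks like a service UID (`HTTP_48`, `ldap_55`, `DNS_25`), and a named type transition only applies on an exact filename match. Where those services run under different UIDs, the rcache file would presumably keep the caller's default label for the tmp directory rather than the host rcache type, with no error to signal the miss. A comment above the list would make the assumption explicit, e.g. `# rcache names are <service>_<uid>; the UIDs listed are distribution defaults and must match exactly`. The `<summary>` text "Transition to kerberos named content" could also state that callers gain write access to the etc, krb5kdc_conf_t and tmp directories, which `filetrans_pattern` and the etc/tmp filetrans interfaces appear to grant along with the transition. That would help keep the interface limited to domains that legitimately create keytabs and principal databases.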
-- 
2.13.6


