Systems that use LDAPS (LDAP over SSL/TLS) for their sysnet_* activities
currently fail since these domains do not allow proper access to the random
devices (needed for SSL/TLS). This patch adds this privilege to
sysnet_use_ldap.
Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/system/sysnetwork.if | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index ff80d0a..4c87a08 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -698,6 +698,10 @@ interface(`sysnet_use_ldap',`
corenet_sendrecv_ldap_client_packets($1)
sysnet_read_config($1)
+
+ # Support for LDAPS
+ dev_read_rand($1)
+ dev_read_urand($1)
')
########################################
--
1.7.3.4
On 08/23/11 07:29, Sven Vermeulen wrote:
> Systems that use LDAPS (LDAP over SSL/TLS) for their sysnet_* activities
> currently fail since these domains do not allow proper access to the random
> devices (needed for SSL/TLS). This patch adds this privilege to
> sysnet_use_ldap.
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/system/sysnetwork.if | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
> index ff80d0a..4c87a08 100644
> --- a/policy/modules/system/sysnetwork.if
> +++ b/policy/modules/system/sysnetwork.if
> @@ -698,6 +698,10 @@ interface(`sysnet_use_ldap',`
> corenet_sendrecv_ldap_client_packets($1)
>
> sysnet_read_config($1)
> +
> + # Support for LDAPS
> + dev_read_rand($1)
> + dev_read_urand($1)
> ')
>
> ########################################
Merged.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com