From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 24 Aug 2011 09:39:55 -0400 Subject: [refpolicy] [PATCH 1/1] Support LDAPS for nsswitch-related network activity In-Reply-To: <20110823112949.GA6050@siphos.be> References: <20110823112949.GA6050@siphos.be> Message-ID: <4E54FF2B.8030200@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/23/11 07:29, Sven Vermeulen wrote: > Systems that use LDAPS (LDAP over SSL/TLS) for their sysnet_* activities > currently fail since these domains do not allow proper access to the random > devices (needed for SSL/TLS). This patch adds this privilege to > sysnet_use_ldap. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/sysnetwork.if | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if > index ff80d0a..4c87a08 100644 > --- a/policy/modules/system/sysnetwork.if > +++ b/policy/modules/system/sysnetwork.if > @@ -698,6 +698,10 @@ interface(`sysnet_use_ldap',` > corenet_sendrecv_ldap_client_packets($1) > > sysnet_read_config($1) > + > + # Support for LDAPS > + dev_read_rand($1) > + dev_read_urand($1) > ') > > ######################################## Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
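Review bot: The two calls added at the end of sysnet_use_ldap, dev_read_rand($1) and dev_read_urand($1), apply to every domain that calls the interface, including domains that only use plain LDAP, so the grant is broader than the LDAPS case named in the commit message. If the TLS library in use only reads the non-blocking device, dev_read_urand($1) alone would be the narrower grant. If both are needed, keep both and extend the comment "# Support for LDAPS" to say that SSL/TLS needs the random devices, so the reason is visible in the policy source. The interface's documentation header is outside this hunk, so it is worth checking that its summary mentions the added device access.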