From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 8 Feb 2012 15:39:07 -0500
Subject: [refpolicy] [PATCH 1/1] DHCPd supports LDAP backend
	infrastructure
In-Reply-To: <20111127191015.GA758@siphos.be>
References: <20111127191015.GA758@siphos.be>
Message-ID: <4F32DD6B.1040403@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/27/11 14:10, Sven Vermeulen wrote:
> The DHCP daemon supports LDAP as a back-end infrastructure too (next to its
> file-based backend).

I think we want to make this conditional, as that adds a bunch of extra networking permissions to a relatively privileged domain, for an uncommon case.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  dhcp.te |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/dhcp.te b/dhcp.te
> index d4424ad..96497cc 100644
> --- a/dhcp.te
> +++ b/dhcp.te
> @@ -97,6 +97,7 @@ logging_send_syslog_msg(dhcpd_t)
>  miscfiles_read_localization(dhcpd_t)
>  
>  sysnet_read_dhcp_config(dhcpd_t)
> +sysnet_use_ldap(dhcpd_t)
>  
>  userdom_dontaudit_use_unpriv_user_fds(dhcpd_t)
>  userdom_dontaudit_search_user_home_dirs(dhcpd_t)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com