From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 11 Apr 2012 19:58:04 +0200
Subject: [refpolicy] [PATCH v2 1/1] DHCPd supports LDAP backend infrastructure
Message-ID: <20120411175803.GA4597@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The DHCP daemon supports LDAP as a back-end infrastructure too (next to its file-based backend). Support for this case is encapsulated within a dhcpd_use_ldap boolean (using "dhcpd_" instead of "dhcp_" to not confuse daemon and client).

Signed-off-by: Sven Vermeulen
---
 dhcp.te | 12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/dhcp.te b/dhcp.te index d4424ad..4456428 100644 --- a/dhcp.te +++ b/dhcp.te @@ -5,6 +5,14 @@ policy_module(dhcp, 1.9.0) # Declarations # +## +##

+## Allow DHCP daemon to use LDAP backends +##

+##
+gen_tunable(dhcpd_use_ldap, true) + + type dhcpd_t; type dhcpd_exec_t; init_daemon_domain(dhcpd_t, dhcpd_exec_t) @@ -105,6 +113,10 @@ ifdef(`distro_gentoo',` allow dhcpd_t self:capability { chown dac_override setgid setuid sys_chroot }; ') +tunable_policy(`dhcpd_use_ldap',` + sysnet_use_ldap(dhcpd_t) +') + optional_policy(` # used for dynamic DNS bind_read_dnssec_keys(dhcpd_t) -- 1.7.3.4
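
Review bot: In the first hunk, gen_tunable(dhcpd_use_ldap, true) makes the boolean default to on, so the sysnet_use_ldap(dhcpd_t) access added in the second hunk is granted out of the box, including on hosts that only use the file-based backend the commit message mentions. Suggest gen_tunable(dhcpd_use_ldap, false) so that dhcpd_t gains LDAP access only where an administrator explicitly enables the boolean.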
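
Review bot: The tunable_policy(`dhcpd_use_ldap', ...) block in the second hunk has no comment, while the optional_policy block directly after it documents its purpose with "# used for dynamic DNS". A one-line comment inside the block saying that sysnet_use_ldap(dhcpd_t) is there for the LDAP configuration backend would keep the section consistent and tell a later reader why dhcpd_t is allowed to reach LDAP.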