From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 23 Apr 2012 08:40:01 -0400
Subject: [refpolicy] [PATCH v2 1/1] DHCPd supports LDAP backend infrastructure
In-Reply-To: <20120411175803.GA4597@siphos.be>
References: <20120411175803.GA4597@siphos.be>
Message-ID: <4F954DA1.7090408@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/11/12 13:58, Sven Vermeulen wrote:
> The DHCP daemon supports LDAP as a back-end infrastructure too (next to its file-based backend). Support for this case is
> encapsulated within a dhcpd_use_ldap boolean (using "dhcpd_" instead of "dhcp_" to not confuse daemon and client).

Merged.

> Signed-off-by: Sven Vermeulen > --- > dhcp.te | 12 ++++++++++++ > 1 files changed, 12 insertions(+), 0 deletions(-) > > diff --git a/dhcp.te b/dhcp.te > index d4424ad..4456428 100644 > --- a/dhcp.te > +++ b/dhcp.te > @@ -5,6 +5,14 @@ policy_module(dhcp, 1.9.0) > # Declarations > # > > +## > +##

> +## Allow DHCP daemon to use LDAP backends > +##

> +##
> +gen_tunable(dhcpd_use_ldap, true) > + > + > type dhcpd_t; > type dhcpd_exec_t; > init_daemon_domain(dhcpd_t, dhcpd_exec_t) > @@ -105,6 +113,10 @@ ifdef(`distro_gentoo',` > allow dhcpd_t self:capability { chown dac_override setgid setuid sys_chroot }; > ') > > +tunable_policy(`dhcpd_use_ldap',` > + sysnet_use_ldap(dhcpd_t) > +') > + > optional_policy(` > # used for dynamic DNS > bind_read_dnssec_keys(dhcpd_t)

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
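
Review bot: In the first hunk, `gen_tunable(dhcpd_use_ldap, true)` turns the boolean on by default, so the `sysnet_use_ldap(dhcpd_t)` rules guarded by `tunable_policy` in the second hunk are active on every system, including those that only use the file-based backend mentioned in the commit message. Consider defaulting the tunable to `false` so that LDAP access for dhcpd_t is opt-in, and have the tunable's description say that it must be enabled for LDAP-backed configurations.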