From: jason@perfinion.com (Jason Zaman)
Date: Tue, 31 Oct 2017 13:37:56 +0800
Subject: [refpolicy] [PATCH 1/3] kerberos: Introduce
kerberos_filetrans_named_content interface
Message-ID: <20171031053758.7816-1-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
kerberos.if | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/kerberos.if b/kerberos.if
index c8c5a37..8b46c1b 100644
--- a/kerberos.if
+++ b/kerberos.if
@@ -425,6 +425,41 @@ interface(`kerberos_connect_524',`
########################################
##
+## Transition to kerberos named content
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kerberos_filetrans_named_content',`
+ gen_require(`
+ type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
+ type krb5kdc_principal_t;
+ ')
+
+ files_etc_filetrans($1, krb5_conf_t, file, "krb5.conf")
+ filetrans_pattern($1, krb5kdc_conf_t, krb5_keytab_t, file, "kadm5.keytab")
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal")
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal0")
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal1")
+
+ kerberos_etc_filetrans_keytab($1, file, "krb5.keytab")
+
+ kerberos_tmp_filetrans_host_rcache($1, file, "DNS_25")
+ kerberos_tmp_filetrans_host_rcache($1, file, "host_0")
+ kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_23")
+ kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_48")
+ kerberos_tmp_filetrans_host_rcache($1, file, "imap_0")
+ kerberos_tmp_filetrans_host_rcache($1, file, "nfs_0")
+ kerberos_tmp_filetrans_host_rcache($1, file, "ldapmap1_0")
+ kerberos_tmp_filetrans_host_rcache($1, file, "ldap_487")
+ kerberos_tmp_filetrans_host_rcache($1, file, "ldap_55")
+')
+
+########################################
+##
## All of the rules required to
## administrate an kerberos environment.
##
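Review bot: The `kerberos_tmp_filetrans_host_rcache` lines match only the exact file names listed (`DNS_25`, `host_0`, `HTTP_23`, `HTTP_48`, `ldap_487`, `ldap_55` and the rest), and the numeric suffixes look like per-service UIDs, so a service running under any other UID would presumably get its replay cache created with the default tmp label rather than the rcache type. The same exact-match limit applies to the `kadm5.keytab` and `principal*` entries: a type transition is decided when the file is created, so if a tool writes under a temporary name and then renames, the key material would keep the directory's `krb5kdc_conf_t` label. The interface carries only a one-line summary, so I would add a description above `interface(...)` along the lines of `## Only the exact file names listed in this interface are transitioned; a file created under any other name keeps the parent directory's type and must be relabelled.` It would also help to state which domains are expected to call it, since these transitions determine how keytab and principal database files end up labelled.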
--
2.13.6