FC5 LDAP issues

Daniel J Walsh dwalsh at redhat.com
Fri Mar 31 17:08:04 UTC 2006


Stephen Smalley wrote:
> On Thu, 2006-03-30 at 17:36 -0500, Daniel J Walsh wrote:
>   
>> I have been informed that if you are running ldap-with-ssl you will need 
>> these permissions.
>>
>> So added to selinux-policy-2.2.28-3
>>
>> Available in Rawhide tomorrow
>> On ftp://people.redhat.com/dwalsh/SELinux/Fedora Now
>>
>> Will be back ported to FC5 soon.
>>     
>
> Is this under a boolean?  Allowing such wide ranging access to the cert
> files is obviously not desirable in general...
>
>   
Which should I put under a boolean?

grep -r miscfiles_read_cert .
./modules/apps/evolution.if:    miscfiles_read_certs($1_evolution_server_t)
./modules/system/authlogin.if:  miscfiles_read_certs($1_chkpwd_t)
./modules/system/authlogin.if:  miscfiles_read_certs($1)
./modules/system/init.te:miscfiles_read_certs(initrc_t)
./modules/system/miscfiles.if:interface(`miscfiles_read_certs',`
./modules/admin/certwatch.te:miscfiles_read_certs(certwatch_t)
./modules/services/dbus.te:miscfiles_read_certs(system_dbusd_t)
./modules/services/cyrus.te:miscfiles_read_certs(cyrus_t)
./modules/services/fetchmail.te:miscfiles_read_certs(fetchmail_t)
./modules/services/dovecot.te:miscfiles_read_certs(dovecot_t)
./modules/services/nscd.te:miscfiles_read_certs(nscd_t)
./modules/services/ldap.te:miscfiles_read_certs(slapd_t)
./modules/services/automount.te:miscfiles_read_certs(automount_t)
./modules/services/postfix.if:  miscfiles_read_certs(postfix_$1_t)
./modules/services/sasl.te:miscfiles_read_certs(saslauthd_t)
./modules/services/apache.te:miscfiles_read_certs(httpd_t)
./modules/services/squid.te:miscfiles_read_certs(squid_t)

I just added hal and automount?



