## <summary>Likewise Active Directory support for UNIX.</summary>
## <desc>
##
## Likewise Open is a free, open source application that joins Linux, Unix,
## and Mac machines to Microsoft Active Directory to securely authenticate
## users with their domain credentials.
##
## </desc>
#######################################
## <summary>
## The template to define a likewise domain.
## </summary>
## <desc>
##
## This template creates a domain to be used for
## a new likewise daemon.
##
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the daemon domain; the domain, executable, pid, socket and lib file types are all named from it.
## </summary>
## </param>
#
template(`likewise_domain_template',`
	# Shared pieces owned by the base likewise module.
	gen_require(`
		attribute likewise_domains;
		type likewise_var_lib_t;
	')

	########################################
	#
	# Declarations
	#

	# Daemon domain and its entrypoint executable type.
	type $1_t;
	type $1_exec_t;
	init_daemon_domain($1_t, $1_exec_t)
	domain_use_interactive_fds($1_t)

	# Membership in the common attribute means any rule written against
	# likewise_domains also applies to this daemon. Review those rules
	# when auditing what a single daemon can reach.
	typeattribute $1_t likewise_domains;

	# Per-daemon file types: pid file, socket file and private state.
	type $1_var_run_t;
	files_pid_file($1_var_run_t)

	type $1_var_socket_t;
	files_type($1_var_socket_t)

	type $1_var_lib_t;
	files_type($1_var_lib_t)

	####################################
	#
	# Local Policy
	#

	allow $1_t self:process { signal_perms getsched setsched };
	allow $1_t self:fifo_file rw_fifo_file_perms;

	# Socket objects the daemon may create for itself. Only the socket
	# classes are granted here; no port or node rules are visible in
	# this block, so network reach is decided elsewhere in the policy.
	allow $1_t self:{ unix_dgram_socket udp_socket } create_socket_perms;
	allow $1_t self:{ unix_stream_socket tcp_socket } create_stream_socket_perms;

	# The lib directory is shared by all likewise daemons, and each of
	# them may change its attributes.
	allow $1_t likewise_var_lib_t:dir setattr_dir_perms;

	# Pid files created in the pid directory get the per-daemon type.
	manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
	files_pid_filetrans($1_t, $1_var_run_t, file)

	# Regular files and socket files created in the shared lib directory
	# transition to per-daemon types, which keeps the state of one
	# daemon separated from the others by type.
	manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)

	manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)

	kernel_read_system_state($1_t)

	logging_send_syslog_msg($1_t)
')
########################################
## <summary>
## Connect to lsassd over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`likewise_stream_connect_lsassd',`
	gen_require(`
		type lsassd_t;
		type lsassd_var_socket_t;
		type likewise_var_lib_t;
	')

	# NOTE(review): the socket directory type is likewise_var_lib_t,
	# which suggests a location under the var lib tree, while the call
	# below grants search on the pid directory. Confirm against the
	# file contexts which parent directory the caller must traverse.
	files_search_pids($1)

	# Grants the caller a connection to the lsassd stream socket through
	# its socket file. Callers gain a channel to the authentication
	# daemon, so hand this out only to domains that need it.
	stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
')