## <summary>SASL authentication server.</summary>

########################################
## <summary>
##	Connect to the SASL authentication
##	server over its stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`sasl_connect',`
	gen_require(`
		type saslauthd_t, saslauthd_runtime_t;
	')

	# Search the runtime directory tree, then connect to the stream
	# socket labelled saslauthd_runtime_t that is served by saslauthd_t.
	# NOTE(review): every caller can presumably submit credential checks
	# to the daemon, so grant this only to services that must
	# authenticate users.
	files_search_runtime($1)
	stream_connect_pattern($1, saslauthd_runtime_t, saslauthd_runtime_t, saslauthd_t)
')

########################################
## <summary>
##	Read SASL keytab files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`sasl_read_keytab',`
	gen_require(`
		type saslauthd_keytab_t;
	')

	# Search the etc directory tree, then read files labelled
	# saslauthd_keytab_t.
	# NOTE(review): the type name indicates Kerberos keytab material,
	# which is long-term service key data. Keep the list of callers
	# short and audit it when this interface gains a new user.
	files_search_etc($1)
	read_files_pattern($1, saslauthd_keytab_t, saslauthd_keytab_t)
')

########################################
## <summary>
##	Memory map and read SASL keytab files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`sasl_mmap_read_keytab',`
	gen_require(`
		type saslauthd_keytab_t;
	')

	# Same target type as sasl_read_keytab, with the map permission
	# added by the mmap variant of the pattern.
	# NOTE(review): prefer sasl_read_keytab unless the caller is known
	# to mmap the file, and apply the same caution about key material.
	files_search_etc($1)
	mmap_read_files_pattern($1, saslauthd_keytab_t, saslauthd_keytab_t)
')

########################################
## <summary>
##	All of the rules required to
##	administrate a SASL environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`sasl_admin',`
	gen_require(`
		type saslauthd_t, saslauthd_runtime_t, saslauthd_initrc_exec_t;
		type saslauthd_keytab_t;
	')

	# NOTE(review): ptrace lets the admin domain inspect and alter the
	# memory of saslauthd_t, a process that handles authentication
	# requests. Confirm that administrators need it; the signal_perms
	# set already covers sending signals to the daemon.
	allow $1 saslauthd_t:process { ptrace signal_perms };
	ps_process_pattern($1, saslauthd_t)

	# The role argument is only used here, to start and stop the
	# service through its init script type.
	init_startstop_service($1, $2, saslauthd_t, saslauthd_initrc_exec_t)

	# admin_pattern is defined elsewhere in the policy tree.
	# NOTE(review): it presumably grants manage and relabel access, so
	# the admin domain can replace the keytab as well as read it.
	files_list_etc($1)
	admin_pattern($1, saslauthd_keytab_t)

	# Same administrative access over the runtime files, which include
	# the socket type used by sasl_connect.
	files_list_runtime($1)
	admin_pattern($1, saslauthd_runtime_t)
')