232609 – changes to allow saslauthd to work with the kerberos5 mechanism

Bug 232609 - changes to allow saslauthd to work with the kerberos5 mechanism

Summary: changes to allow saslauthd to work with the kerberos5 mechanism

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-03-16 12:53 UTC by Kostas Georgiou
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	2.4.6-42
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-04-17 16:03:10 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kostas Georgiou 2007-03-16 12:53:01 UTC

Here is the module that I used to allow saslauthd to work with kerberos5, allow
access to the kaytab and access to tmp_t so it can create cache files. Is there
a better way to handle this other than giving it all this access rights to tmp_t?

module mysaslauthd 1.0.8;

require {
        class dir { search write add_name remove_name };
        class file { getattr lock read write create rename unlink };
        type krb5_keytab_t;
        type saslauthd_t;
        type tmp_t;
        role system_r;
};

allow saslauthd_t krb5_keytab_t:file read;
allow saslauthd_t krb5_keytab_t:file lock;
allow saslauthd_t tmp_t:dir search;
allow saslauthd_t tmp_t:file { getattr read write create rename unlink };
allow saslauthd_t tmp_t:dir { search write add_name remove_name };

Comment 1 Daniel Walsh 2007-03-20 15:35:26 UTC

Fixed in selinux-policy-2.4.6-42.fc6

Note You need to log in before you can comment on or make changes to this bug.