Stephen Smalley wrote:
On Thu, 2006-03-30 at 17:36 -0500, Daniel J Walsh wrote:
I have been informed that if you are running ldap-with-ssl you will need these permissions.
So added to selinux-policy-2.2.28-3
Available in Rawhide tomorrow On ftp://people.redhat.com/dwalsh/SELinux/Fedora Now
Will be back ported to FC5 soon.
Is this under a boolean? Allowing such wide ranging access to the cert files is obviously not desirable in general...
Which should I put under a boolean?
grep -r miscfiles_read_cert . ./modules/apps/evolution.if: miscfiles_read_certs($1_evolution_server_t) ./modules/system/authlogin.if: miscfiles_read_certs($1_chkpwd_t) ./modules/system/authlogin.if: miscfiles_read_certs($1) ./modules/system/init.te:miscfiles_read_certs(initrc_t) ./modules/system/miscfiles.if:interface(`miscfiles_read_certs',` ./modules/admin/certwatch.te:miscfiles_read_certs(certwatch_t) ./modules/services/dbus.te:miscfiles_read_certs(system_dbusd_t) ./modules/services/cyrus.te:miscfiles_read_certs(cyrus_t) ./modules/services/fetchmail.te:miscfiles_read_certs(fetchmail_t) ./modules/services/dovecot.te:miscfiles_read_certs(dovecot_t) ./modules/services/nscd.te:miscfiles_read_certs(nscd_t) ./modules/services/ldap.te:miscfiles_read_certs(slapd_t) ./modules/services/automount.te:miscfiles_read_certs(automount_t) ./modules/services/postfix.if: miscfiles_read_certs(postfix_$1_t) ./modules/services/sasl.te:miscfiles_read_certs(saslauthd_t) ./modules/services/apache.te:miscfiles_read_certs(httpd_t) ./modules/services/squid.te:miscfiles_read_certs(squid_t)
I just added hal and automount?