[selinux-policy: 879/3172] fixes from testing

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:21:02 UTC 2010


commit dd3544d1a561681806929ebf761eb23c1bb965a0
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Oct 28 13:33:25 2005 +0000

    fixes from testing

 refpolicy/policy/modules/services/ldap.te |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index aa20055..2cd4495 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -38,6 +38,8 @@ allow slapd_t self:process setsched;
 allow slapd_t self:fifo_file { read write };
 allow slapd_t self:netlink_route_socket r_netlink_socket_perms;
 allow slapd_t self:udp_socket create_socket_perms;
+#slapd needs to listen and accept needed by ldapsearch (slapd needs to accept from ldapseach)
+allow slapd_t self:tcp_socket create_stream_socket_perms;
 
 # Allow access to the slapd databases
 allow slapd_t slapd_db_t:dir create_dir_perms;
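Review bot: The comment added above the new `tcp_socket` rule is hard to read and misspells ldapsearch; `# slapd listens for and accepts TCP connections from LDAP clients such as ldapsearch` would say the same thing. `create_stream_socket_perms` on `self:tcp_socket` only covers operations on the socket object. Binding to the LDAP port is controlled by separate network rules that are not visible in this hunk, so it is worth confirming that they exist elsewhere in ldap.te and are limited to the LDAP port type.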
@@ -106,7 +108,16 @@ sysnet_read_config(slapd_t)
 userdom_dontaudit_use_unpriv_user_fd(slapd_t)
 userdom_dontaudit_search_sysadm_home_dir(slapd_t)
 
-ifdef(`targeted_policy', `
+ifdef(`targeted_policy', 
+	#reh slapcat will want to talk to the terminal
+	term_use_generic_pty(slapd_t)
+	term_use_unallocated_tty(slapd_t)
+
+	userdom_search_generic_user_home_dir(slapd_t)
+	#need to be able to read ldif files created by root
+	# cjp: fix to not use templated interface:
+	userdom_read_user_home_files(user,slapd_t)
+
 	term_dontaudit_use_unallocated_tty(slapd_t)
 	term_dontaudit_use_generic_pty(slapd_t)
 	files_dontaudit_read_root_file(slapd_t)
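Review bot: The rewritten ifdef line for targeted_policy has lost the opening m4 backquote that the removed line had before its line break, so the block body is no longer passed as a quoted argument. If the closing quote before the final parenthesis is still in place outside this hunk, it is now unbalanced, and the macro calls in the body are expanded while the arguments are collected; restoring the backquote after the comma avoids both. The added `term_use_generic_pty(slapd_t)` and `term_use_unallocated_tty(slapd_t)` grant the same terminal access that the existing `term_dontaudit_use_*` lines below them suppress audit messages for, so those two dontaudit lines look redundant now. The terminal and home-directory read access is given to the network-facing `slapd_t` domain itself, apparently because slapcat runs in that domain. A short comment noting that these rules exist only for the admin tools, or a separate domain for them, would keep the daemon's own privileges easier to audit.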

