>From 0dedc61d90e84e15dad2d9ade77bc5503f6e4b62 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Thu, 10 Sep 2009 08:35:22 -0700
Subject: [PATCH] SELinux policy change for LDAPI

We need to allow ns-slapd to manage the ldapi socket in the
dirsrv SELinux policy.  This patch adds the proper rules.
---
 selinux/dirsrv.te |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index ea10355..872e42f 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -88,12 +88,15 @@ logging_log_filetrans(dirsrv_t,dirsrv_var_log_t,{ sock_file file dir })
 
 # pid files
 manage_files_pattern(dirsrv_t, dirsrv_var_run_t, dirsrv_var_run_t)
-files_pid_filetrans(dirsrv_t,dirsrv_var_run_t, { file sock_file })
+files_pid_filetrans(dirsrv_t, dirsrv_var_run_t, { file sock_file })
+
+# ldapi socket
+manage_sock_files_pattern(dirsrv_t, dirsrv_var_run_t, dirsrv_var_run_t)
 
 #lock files
 manage_files_pattern(dirsrv_t, dirsrv_var_lock_t, dirsrv_var_lock_t)
 manage_dirs_pattern(dirsrv_t, dirsrv_var_lock_t, dirsrv_var_lock_t)
-files_lock_filetrans(dirsrv_t,dirsrv_var_lock_t, { file })
+files_lock_filetrans(dirsrv_t, dirsrv_var_lock_t, { file })
 
 # config files
 manage_files_pattern(dirsrv_t, dirsrv_config_t, dirsrv_config_t)
-- 
1.6.2.5