Security-Enhanced Linux secures the dirsrv processes via flexible mandatory access control.
If you want to allow users to resolve user passwd entries directly from ldap rather than using a sssd server for the dirsrv_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
setsebool -P authlogin_nsswitch_use_ldap 1
If you want to allow confined applications to run with kerberos for the dirsrv_t, you must turn on the kerberos_enabled boolean.
setsebool -P kerberos_enabled 1
You can see the context of a file using the -Z option to ls. Policy governs the access confined processes have to these files. SELinux dirsrv policy is very flexible, allowing users to set up their dirsrv processes in as secure a method as possible.
The following file types are defined for dirsrv:
dirsrv_config_t
- Set files with the dirsrv_config_t type, if you want to treat the files as dirsrv configuration data, usually stored under the /etc directory.
dirsrv_exec_t
- Set files with the dirsrv_exec_t type, if you want to transition an executable to the dirsrv_t domain.
dirsrv_share_t
- Set files with the dirsrv_share_t type, if you want to treat the files as dirsrv share data.
dirsrv_snmp_exec_t
- Set files with the dirsrv_snmp_exec_t type, if you want to transition an executable to the dirsrv_snmp_t domain.
dirsrv_snmp_var_log_t
- Set files with the dirsrv_snmp_var_log_t type, if you want to treat the data as dirsrv snmp var log data, usually stored under the /var/log directory.
dirsrv_snmp_var_run_t
- Set files with the dirsrv_snmp_var_run_t type, if you want to store the dirsrv snmp files under the /run directory.
dirsrv_tmp_t
- Set files with the dirsrv_tmp_t type, if you want to store dirsrv temporary files in the /tmp directories.
dirsrv_tmpfs_t
- Set files with the dirsrv_tmpfs_t type, if you want to store dirsrv files on a tmpfs file system.
dirsrv_var_lib_t
- Set files with the dirsrv_var_lib_t type, if you want to store the dirsrv files under the /var/lib directory.
dirsrv_var_lock_t
- Set files with the dirsrv_var_lock_t type, if you want to treat the files as dirsrv var lock data, stored under the /var/lock directory.
dirsrv_var_log_t
- Set files with the dirsrv_var_log_t type, if you want to treat the data as dirsrv var log data, usually stored under the /var/log directory.
dirsrv_var_run_t
- Set files with the dirsrv_var_run_t type, if you want to store the dirsrv files under the /run directory.
dirsrvadmin_config_t
- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
dirsrvadmin_exec_t
- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
dirsrvadmin_lock_t
- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory.
dirsrvadmin_tmp_t
- Set files with the dirsrvadmin_tmp_t type, if you want to store dirsrvadmin temporary files in the /tmp directories.
dirsrvadmin_unconfined_script_exec_t
- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
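
The following is an added example, not part of the original manual page: a label audit that compares each file's SELinux type with the dirsrv type the list above associates with its directory. The /etc/dirsrv, /var/log/dirsrv, /var/lib/dirsrv, /var/lock/dirsrv and /run/dirsrv prefixes, the function names and the sample lines are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit file labels against the dirsrv file types listed above.
# The directory prefixes are assumed (a typical layout), not taken from the page.

# Map a path to the dirsrv type expected for its directory; fail if unknown.
dirsrv_expected_type() {
    case "$1" in
        /etc/dirsrv/*)      echo dirsrv_config_t ;;
        /var/log/dirsrv/*)  echo dirsrv_var_log_t ;;
        /var/lib/dirsrv/*)  echo dirsrv_var_lib_t ;;
        /var/lock/dirsrv/*) echo dirsrv_var_lock_t ;;
        /run/dirsrv/*|/var/run/dirsrv/*) echo dirsrv_var_run_t ;;
        *) return 1 ;;
    esac
}

# Read "context path" lines on stdin (the format of: stat -c '%C %n' FILE...).
# Print one line per mismatch and return 1 if any mismatch was found.
audit_dirsrv_labels() {
    local context path actual expected bad=0
    while read -r context path; do
        [ -n "$path" ] || continue
        # Paths outside the known dirsrv directories are skipped.
        expected=$(dirsrv_expected_type "$path") || continue
        # A context is user:role:type[:range]; the type is the third field.
        actual=$(printf '%s\n' "$context" | cut -d: -f3)
        if [ "$actual" != "$expected" ]; then
            printf 'MISMATCH %s: has %s, expected %s\n' "$path" "$actual" "$expected"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input; two entries carry the wrong type on purpose.
sample_labels() {
cat <<'EOF'
system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/slapd-example/dse.ldif
unconfined_u:object_r:user_home_t:s0 /etc/dirsrv/slapd-example/certmap.conf
system_u:object_r:dirsrv_var_log_t:s0 /var/log/dirsrv/slapd-example/access
system_u:object_r:var_lib_t:s0 /var/lib/dirsrv/slapd-example/db/id2entry.db
system_u:object_r:dirsrv_var_run_t:s0 /run/dirsrv/slapd-example.pid
EOF
}

sample_labels | audit_dirsrv_labels || true
```

On a live system the input would come from `stat -c '%C %n'` run over the dirsrv directories, and a reported mismatch is normally corrected with `restorecon` on the affected path.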