## External plugin for mod_authnz_external authenticator.
########################################
##
## Role access for pwauth.
##
##
##
## Role allowed access.
##
##
##
##
## User domain for the role.
##
##
#
interface(`pwauth_role',`
gen_require(`
type pwauth_t;
')
pwauth_run($2, $1)
ps_process_pattern($2, pwauth_t)
allow $2 pwauth_t:process { ptrace signal_perms };
')
########################################
##
## Execute pwauth in the pwauth domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`pwauth_domtrans',`
gen_require(`
type pwauth_t, pwauth_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, pwauth_exec_t, pwauth_t)
')
########################################
##
## Execute pwauth in the pwauth
## domain, and allow the specified
## role the pwauth domain.
##
##
##
## Domain allowed to transition.
##
##
##
##
## Role allowed access.
##
##
#
interface(`pwauth_run',`
gen_require(`
attribute_role pwauth_roles;
')
pwauth_domtrans($1)
roleattribute $2 pwauth_roles;
')