freeipa/selinux/README.md

# IPA SELinux policy

The ``ipa`` SELinux policy is used by IPA client and server. The
policy was forked off from [Fedora upstream policy](https://github.com/fedora-selinux/selinux-policy-contrib)
at commit ``b1751347f4af99de8c88630e2f8d0a352d7f5937``.

Some file locations are owned by other policies:

* ``/var/lib/ipa/pki-ca/publish(/.*)?`` is owned by Dogtag PKI policy
* ``/usr/lib/ipa/certmonger(/.*)?`` is owned by certmonger policy
* ``/var/lib/ipa-client(/.*)?`` is owned by realmd policy
Move freeipa-selinux dependency to freeipa-common The SELinux policy defines file contexts that are also used by clients, e.g. /var/log/ipa/. Make freeipa-selinux a dependency of freeipa-common. Related: https://pagure.io/freeipa/issue/6891 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2020-03-20 04:00:06 -05:00			`# IPA SELinux policy`

			The ``ipa`` SELinux policy is used by IPA client and server. The
			`policy was forked off from [Fedora upstream policy](https://github.com/fedora-selinux/selinux-policy-contrib)`
			at commit ``b1751347f4af99de8c88630e2f8d0a352d7f5937``.

			`Some file locations are owned by other policies:`

			* ``/var/lib/ipa/pki-ca/publish(/.*)?`` is owned by Dogtag PKI policy
			* ``/usr/lib/ipa/certmonger(/.*)?`` is owned by certmonger policy
			* ``/var/lib/ipa-client(/.*)?`` is owned by realmd policy