Some SELinux policy changes provided by Dan Walsh.

440651
Rob Crittenden
2008-04-07 23:38:51 -04:00
parent dc861888ad
commit 039581d1ed
3 changed files with 18 additions and 4 deletions


@@ -1,6 +1,6 @@
Name: ipa-server
Version: 0.99.0
Release: 4%{?dist}
Release: 5%{?dist}
Summary: IPA authentication server
Group: System Environment/Base
@@ -92,7 +92,7 @@ fi
/bin/touch /var/log/ipa_error.log
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
restorecon /var/log/ipa_error.log
%preun
if [ $1 = 0 ]; then
@@ -166,6 +166,9 @@ fi
%{_mandir}/man1/ipa-server-install.1.gz
%changelog
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-5
- Run restorecon on /var/log/ipa_error.log to ensure correct selinux context
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-4
- Add missing man pages
- Add Conflicts for mod_ssl
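Review bot: `restorecon /var/log/ipa_error.log` looks like the last command of its scriptlet (the next visible line is `%preun`), so its exit status becomes the scriptlet's, and a host without policycoreutils or a failed relabel would make the package install report a scriptlet failure. It is also the only command here invoked without an absolute path, unlike `/bin/touch`, `/bin/chown` and `/bin/chmod` above it. I would write `/sbin/restorecon /var/log/ipa_error.log >/dev/null 2>&1 || :` and, if the spec does not already carry it outside this hunk, add `Requires(post): policycoreutils`. The scriptlet starts outside the hunk. The same line appears in the second spec section (the template with `Version: VERSION`), and in both files the new `0.99.0-5` changelog entry repeats the `Fri Mar 14 2008` date of the `-4` entry although the commit is dated 2008-04-07.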


@@ -1,6 +1,6 @@
Name: ipa-server
Version: VERSION
Release: 4%{?dist}
Release: 5%{?dist}
Summary: IPA authentication server
Group: System Environment/Base
@@ -92,7 +92,7 @@ fi
/bin/touch /var/log/ipa_error.log
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
restorecon /var/log/ipa_error.log
%preun
if [ $1 = 0 ]; then
@@ -166,6 +166,9 @@ fi
%{_mandir}/man1/ipa-server-install.1.gz
%changelog
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-5
- Run restorecon on /var/log/ipa_error.log to ensure correct selinux context
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-4
- Add missing man pages
- Add Conflicts for mod_ssl


@@ -16,6 +16,7 @@ init_daemon_domain(ipa_kpasswd_t, ipa_kpasswd_exec_t)
# IPA kpasswd local policy
#
allow ipa_kpasswd_t self:capability { sys_nice dac_override };
allow ipa_kpasswd_t self:tcp_socket create_stream_socket_perms;
allow ipa_kpasswd_t self:udp_socket create_socket_perms;
@@ -36,6 +37,8 @@ logging_send_syslog_msg(ipa_kpasswd_t)
miscfiles_read_localization(ipa_kpasswd_t)
kerberos_use(ipa_kpasswd_t)
kerberos_manage_host_rcache(ipa_kpasswd_t)
kerberos_read_kdc_config(ipa_kpasswd_t)
kernel_read_system_state(ipa_kpasswd_t)
@@ -58,3 +61,8 @@ corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
corenet_udp_bind_all_nodes(ipa_kpasswd_t)
corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
require {
type krb5kdc_conf_t;
};
allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
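Review bot: `dac_override` in `allow ipa_kpasswd_t self:capability { sys_nice dac_override };` lets the kpasswd daemon bypass file ownership and mode checks on anything its SELinux type is allowed to touch, and nothing in the hunk records which path needs it. A need for this capability usually means a file or directory whose owner or mode does not match the user the daemon runs as, which is better fixed in packaging than granted in policy. If it has to stay, I would put a comment above the rule such as `# dac_override: needed to access <path> owned by <owner> (placeholders, fill in from the AVC denial)`; otherwise reduce the rule to `allow ipa_kpasswd_t self:capability sys_nice;`. The `+`/`-` markers are lost on this page, so I am assuming this is the line the first hunk adds.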