IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

SELinux: do not double-define node_t and pki_tomcat_cert_t

Browse Source 
node_t and pki_tomcat_cert_t are defined in other modules.
Do not double-define them.

Fixes: https://pagure.io/freeipa/issue/8513
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
François Cami 2020-09-23 09:17:53 +02:00 committed by Christian Heimes
parent 84bbf68781
commit 36c6a2e749
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
selinux/ipa.te
View File

@ -74,9 +74,6 @@ logging_log_file(ipa_custodia_log_t)
type ipa_custodia_tmp_t; type ipa_custodia_tmp_t;
files_tmp_file(ipa_custodia_tmp_t) files_tmp_file(ipa_custodia_tmp_t)
type pki_tomcat_cert_t;
type node_t;
type ipa_pki_retrieve_key_exec_t; type ipa_pki_retrieve_key_exec_t;
type ipa_pki_retrieve_key_t; type ipa_pki_retrieve_key_t;
domain_type(ipa_pki_retrieve_key_t) domain_type(ipa_pki_retrieve_key_t)
@ -339,12 +336,6 @@ allow ipa_custodia_t self:unix_dgram_socket create_socket_perms;
allow ipa_custodia_t self:tcp_socket { bind create }; allow ipa_custodia_t self:tcp_socket { bind create };
allow ipa_custodia_t self:udp_socket create_socket_perms; allow ipa_custodia_t self:udp_socket create_socket_perms;
allow ipa_custodia_t node_t:tcp_socket node_bind;
allow ipa_custodia_t pki_tomcat_cert_t:dir remove_name;
allow ipa_custodia_t pki_tomcat_cert_t:file create;
allow ipa_custodia_t pki_tomcat_cert_t:file unlink;
manage_dirs_pattern(ipa_custodia_t,ipa_custodia_log_t,ipa_custodia_log_t) manage_dirs_pattern(ipa_custodia_t,ipa_custodia_log_t,ipa_custodia_log_t)
manage_files_pattern(ipa_custodia_t, ipa_custodia_log_t, ipa_custodia_log_t) manage_files_pattern(ipa_custodia_t, ipa_custodia_log_t, ipa_custodia_log_t)
logging_log_filetrans(ipa_custodia_t, ipa_custodia_log_t, { dir file }) logging_log_filetrans(ipa_custodia_t, ipa_custodia_log_t, { dir file })
@ -456,3 +447,19 @@ optional_policy(`
kerberos_read_config(tomcat_t) kerberos_read_config(tomcat_t)
kerberos_read_keytab(tomcat_t) kerberos_read_keytab(tomcat_t)
') ')
optional_policy(`
gen_require(`
type node_t;
')
allow ipa_custodia_t node_t:tcp_socket node_bind;
')
optional_policy(`
gen_require(`
type pki_tomcat_cert_t;
')
allow ipa_custodia_t pki_tomcat_cert_t:dir remove_name;
allow ipa_custodia_t pki_tomcat_cert_t:file create;
allow ipa_custodia_t pki_tomcat_cert_t:file unlink;
')