selinux: enable httpd_run_ipa to allow communicating with oddjobd services

A new SELinux policy allows communication between IPA framework running under Apache with oddjobd-based services via DBus. This communication is crucial for one-way trust support and also is required for any out of band tools which may be executed by IPA framework. Details of out of band communication and SELinux policy can be found in a bug https://bugzilla.redhat.com/show_bug.cgi?id=1238165 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-07-14 11:11:36 +00:00 · 2015-07-14 11:11:36 +00:00 · 706c003615
commit 706c003615
parent 9d69ad2428
2 changed files with 2 additions and 1 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@ -8,7 +8,7 @@
 %global selinux_policy_version 3.12.1-153
 %else
 %global samba_version 2:4.0.5-1
-%global selinux_policy_version 3.12.1-179
+%global selinux_policy_version 3.13.1-128.6
 %endif

 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -46,6 +46,7 @@ from ipaplatform import services
 SELINUX_BOOLEAN_SETTINGS = dict(
    httpd_can_network_connect='on',
    httpd_manage_ipa='on',
+    httpd_run_ipa='on',
 )