SELinux Policy: ipa_pki_retrieve_key_exec_t => ipa_pki_retrieve_key_t

Grant pki_manage_tomcat_etc_rw to ipa_pki_retrieve_key_t instead of
ipa_pki_retrieve_key_exec_t.
As suggested by Ondrej Mosnáček.

Fixes: https://pagure.io/freeipa/issue/8488
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-By: Lukas Vrabec <lvrabec@redhat.com>
Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
François Cami
2020-09-21 11:32:52 +02:00
parent ea9db4a903
commit 820beca4ac

@@ -78,6 +78,8 @@ type node_t;
type ipa_pki_retrieve_key_exec_t; type ipa_pki_retrieve_key_exec_t;
init_script_file(ipa_pki_retrieve_key_exec_t) init_script_file(ipa_pki_retrieve_key_exec_t)
type ipa_pki_retrieve_key_t;
######################################## ########################################
# #
# ipa_otpd local policy # ipa_otpd local policy
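Review bot: the new `type ipa_pki_retrieve_key_t;` after `init_script_file(ipa_pki_retrieve_key_exec_t)` is a bare declaration, and nothing in the visible lines marks it as a process domain or ties it to the exec type as its entrypoint. If the helper is meant to run in this type, declare that here, for example with `domain_type(ipa_pki_retrieve_key_t)` and `domain_entry_file(ipa_pki_retrieve_key_t, ipa_pki_retrieve_key_exec_t)`. A one-line comment saying which process is expected to carry this type would also help the next reader of the policy.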
@@ -422,7 +424,7 @@ optional_policy(`
type tomcat_t; type tomcat_t;
') ')
can_exec(tomcat_t, ipa_pki_retrieve_key_exec_t) can_exec(tomcat_t, ipa_pki_retrieve_key_exec_t)
pki_manage_tomcat_etc_rw(ipa_pki_retrieve_key_exec_t) pki_manage_tomcat_etc_rw(ipa_pki_retrieve_key_t)
') ')
optional_policy(` optional_policy(`
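Review bot: `pki_manage_tomcat_etc_rw(ipa_pki_retrieve_key_t)` grants access to a domain that nothing in this hunk transitions into, because the unchanged line above it is still `can_exec(tomcat_t, ipa_pki_retrieve_key_exec_t)`, which lets tomcat_t run the helper without leaving tomcat_t. Moving the grant off the file type is right, since an `_exec_t` label is never the source of a process's access, but as written the helper would keep running as tomcat_t and the new grant would go unused. Either replace the `can_exec` with a transition such as `domtrans_pattern(tomcat_t, ipa_pki_retrieve_key_exec_t, ipa_pki_retrieve_key_t)`, or point to where that transition is defined if it lives outside the lines shown here.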