IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup SELinux policy

Browse Source 
* Remove FC for /usr/libexec/ipa/com.redhat.idm.trust-fetch-domains. The
  file has been moved to oddjobs/ subdirectory a long time ago.
* Simplify FC for oddjob scripts. All com.redhat.idm.* and org.freeipa.*
  scripts are labeled as ipa_helper_exec_t.
* use miscfiles_read_generic_certs() instead of deprecated
  miscfiles_read_certs() to address the warning:

```
Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead.
```

(Also add org.freeipa.server.trust-enable-agent to .gitignore)

Related: https://pagure.io/freeipa/issue/6891
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Christian Heimes 2020-03-11 13:30:44 +01:00 committed by Florence Blanc-Renaud
parent 8dd663e0c2
commit b88562b2c8
3 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -137,6 +137,7 @@ install/custodia/ipa-custodia-dmldap
install/custodia/ipa-custodia-pki-tomcat
install/custodia/ipa-custodia-pki-tomcat-wrapped
install/custodia/ipa-custodia-ra-agent
install/oddjob/org.freeipa.server.trust-enable-agent
install/oddjob/com.redhat.idm.trust-fetch-domains
install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf

7
selinux/ipa.fc
View File

@ -9,16 +9,13 @@
/usr/libexec/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0)
/usr/libexec/ipa/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0)
/usr/libexec/ipa/ipa-ods-exporter -- gen_context(system_u:object_r:ipa_ods_exporter_exec_t,s0)
/usr/libexec/ipa/ipa-dnskeysyncd -- gen_context(system_u:object_r:ipa_dnskey_exec_t,s0)
/usr/libexec/ipa/ipa-dnskeysync-replica -- gen_context(system_u:object_r:ipa_dnskey_exec_t,s0)
/usr/libexec/ipa/com\.redhat\.idm\.trust-fetch-domains -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/usr/libexec/ipa/oddjob/com\.redhat\.idm\.trust-fetch-domains -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/usr/libexec/ipa/oddjob/org\.freeipa\.server\.conncheck -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/usr/libexec/ipa/oddjob/org\.freeipa\.server\.trust-enable-agent -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/usr/libexec/ipa/oddjob/com\.redhat\.idm.* -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/usr/libexec/ipa/oddjob/org\.freeipa.* -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
/var/lib/ipa(/.*)? gen_context(system_u:object_r:ipa_var_lib_t,s0)

4
selinux/ipa.te
View File

@ -205,7 +205,7 @@ libs_exec_ldconfig(ipa_dnskey_t)
logging_send_syslog_msg(ipa_dnskey_t)
miscfiles_read_certs(ipa_dnskey_t)
miscfiles_read_generic_certs(ipa_dnskey_t)
sysnet_read_config(ipa_dnskey_t)
@ -262,7 +262,7 @@ libs_exec_ldconfig(ipa_ods_exporter_t)
logging_send_syslog_msg(ipa_ods_exporter_t)
miscfiles_read_certs(ipa_ods_exporter_t)
miscfiles_read_generic_certs(ipa_ods_exporter_t)
sysnet_read_config(ipa_ods_exporter_t)