ipa-client-install: enable SELinux for SSSD

For passkey (FIDO2) support, SSSD uses the libfido2 library, which needs
access to USB devices. Add SELinux boolean handling to ipa-client-install
so that the correct SELinux booleans can be enabled and disabled during
install and uninstall. Ignore and record a warning when the SELinux policy
does not support the boolean.

Fixes: https://pagure.io/freeipa/issue/9434

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy
2023-08-29 12:37:57 +03:00
committed by Florence Blanc-Renaud
parent 2bc247d831
commit d355761f23
2 changed files with 37 additions and 1 deletions

@@ -151,6 +151,9 @@ class BaseConstantsNamespace:
'samba_share_nfs': 'on',
},
}
SELINUX_BOOLEAN_SSSD = {
'sssd_use_usb': 'on',
}
SELINUX_MCS_MAX = 1023
SELINUX_MCS_REGEX = r"^c(\d+)([.,-]c(\d+))*$"
SELINUX_MLS_MAX = 15
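
Review bot: The new SELINUX_BOOLEAN_SSSD dict has no comment explaining why 'sssd_use_usb' is set to 'on'. A one-line comment above it, stating that the boolean lets SSSD reach USB devices through libfido2 for passkey (FIDO2) authentication as the commit message describes, would save the next reader a trip to the commit log. Because the value is a fixed 'on', it is also worth confirming in the installer side of this change (the second changed file, not shown in this hunk) whether the boolean is applied on every client or only where passkeys are in use, since it widens what the SSSD domain may access. The same file should be where the warning path for policies that lack the boolean is reviewed, and where uninstall restores the previous value rather than forcing 'off'.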