mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

History

Zdenek Pytela 2e75623ef8 Allow ipa-adtrust-install restart sssd and dirsrv services Allow ipa_helper_t connect to init using /run/systemd/private socket. Allow ipa_helper_t read init process state. Allow ipa_helper_t manage sssd and dirsrv units. See: https://bugzilla.redhat.com/show_bug.cgi?id=1820298 See: https://github.com/fedora-selinux/selinux-policy-contrib/pull/241 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>		2020-07-01 08:14:17 +02:00
..
ipa.fc	Use /run and /run/lock instead of /var	2020-04-15 18:48:50 +02:00
ipa.if	SELinux: apache_manage_pid_files for F30	2020-03-25 09:52:59 +02:00
ipa.te	Allow ipa-adtrust-install restart sssd and dirsrv services	2020-07-01 08:14:17 +02:00
Makefile.am	Integrate SELinux policy into build system	2020-03-05 09:57:00 +01:00
README.md	Move freeipa-selinux dependency to freeipa-common	2020-03-20 15:18:30 +01:00

README.md

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

/var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
/usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
/var/lib/ipa-client(/.*)? is owned by realmd policy