mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-28 09:06:44 -06:00

History

Rafael Guterres Jeffman a78c47b2d3 selinux: Update SELinux policy SELinux local policies updated due to AVCs found in upstream tests: - ipa-dnskey_t: dev_read_sysfs - ipa_ods_exporter_t: dev_read_sysfs - ipa_helper_t: dev_read_sysfs - ipa_custodia_t: allow setopt self:tcp_socket Fixes: https://pagure.io/freeipa/issue/9386 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>		2023-07-25 09:48:37 -04:00
..
ipa.fc	passkey: adjust selinux security context for passkey_child	2023-06-01 08:20:37 +02:00
ipa.if	Add ipa_pki_retrieve_key_exec() interface	2020-09-23 15:23:28 +02:00
ipa.te	selinux: Update SELinux policy	2023-07-25 09:48:37 -04:00
Makefile.am	Integrate SELinux policy into build system	2020-03-05 09:57:00 +01:00
README.md	Move freeipa-selinux dependency to freeipa-common	2020-03-20 15:18:30 +01:00

README.md

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

/var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
/usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
/var/lib/ipa-client(/.*)? is owned by realmd policy