mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Files

Vit Mojzis cd85b729d3 selinux: Fix file context definition for /var/run

There is a file context equivalence rule assigning /run the same
contexts as /var/run. Because of it it's necessary to use /var/run
instead of /run in file context definitions.

See:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#File_contexts_and_equivalency_rules

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>

2021-09-27 09:53:38 -04:00

ipa.fc

selinux: Fix file context definition for /var/run

2021-09-27 09:53:38 -04:00

ipa.if

Add ipa_pki_retrieve_key_exec() interface

2020-09-23 15:23:28 +02:00

ipa.te

selinux policy: allow custodia to access /proc/cpuinfo

2021-08-31 14:58:52 +02:00

Makefile.am

Integrate SELinux policy into build system

2020-03-05 09:57:00 +01:00

README.md

Move freeipa-selinux dependency to freeipa-common

2020-03-20 15:18:30 +01:00

README.md

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

/var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
/usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
/var/lib/ipa-client(/.*)? is owned by realmd policy