mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 16:51:55 -06:00
1fbc4e01ea
This commit sets the system_u:object_r:ipa_helper_exec_t:s0 context to the oddjob script org.freeipa.server.trust-enable-agent. Without this context, oddjob cannot launch the command /usr/libexec/ipa/oddjob/org.freeipa.server.trust-enable-agent when ipa-adtrust-install --add-agents is run with SElinux enforcing. Related: https://pagure.io/freeipa/issue/7600 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
30 lines
1.6 KiB
Plaintext
30 lines
1.6 KiB
Plaintext
/etc/httpd/alias/ipasession.key -- gen_context(system_u:object_r:ipa_cert_t,s0)
|
|
|
|
/usr/lib/systemd/system/ipa-otpd.* -- gen_context(system_u:object_r:ipa_otpd_unit_file_t,s0)
|
|
|
|
/usr/lib/systemd/system/ipa-dnskeysyncd.* -- gen_context(system_u:object_r:ipa_dnskey_unit_file_t,s0)
|
|
|
|
/usr/lib/systemd/system/ipa-ods-exporter.* -- gen_context(system_u:object_r:ipa_ods_exporter_unit_file_t,s0)
|
|
|
|
/usr/libexec/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0)
|
|
/usr/libexec/ipa/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0)
|
|
|
|
|
|
/usr/libexec/ipa/ipa-ods-exporter -- gen_context(system_u:object_r:ipa_ods_exporter_exec_t,s0)
|
|
|
|
/usr/libexec/ipa/ipa-dnskeysyncd -- gen_context(system_u:object_r:ipa_dnskey_exec_t,s0)
|
|
/usr/libexec/ipa/ipa-dnskeysync-replica -- gen_context(system_u:object_r:ipa_dnskey_exec_t,s0)
|
|
|
|
/usr/libexec/ipa/com\.redhat\.idm\.trust-fetch-domains -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
|
|
/usr/libexec/ipa/oddjob/com\.redhat\.idm\.trust-fetch-domains -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
|
|
/usr/libexec/ipa/oddjob/org\.freeipa\.server\.conncheck -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
|
|
/usr/libexec/ipa/oddjob/org\.freeipa\.server\.trust-enable-agent -- gen_context(system_u:object_r:ipa_helper_exec_t,s0)
|
|
|
|
/var/lib/ipa(/.*)? gen_context(system_u:object_r:ipa_var_lib_t,s0)
|
|
|
|
/var/log/ipa(/.*)? gen_context(system_u:object_r:ipa_log_t,s0)
|
|
|
|
/var/log/ipareplica-conncheck.log.* -- gen_context(system_u:object_r:ipa_log_t,s0)
|
|
|
|
/var/run/ipa(/.*)? gen_context(system_u:object_r:ipa_var_run_t,s0)
|