mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Files

Christian Heimes 69da03b4ca Add missing SELinux rule for ipa-custodia.sock

A SELinux rule for ipa_custodia_stream_connect(httpd_t) was not copied
from upstream rules. It breaks installations on systems that don't have
ipa_custodia_stream_connect in SELinux domain for apache, e.g. RHEL 8.3.

Fixes: https://pagure.io/freeipa/issue/8412
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>

2020-07-15 14:03:40 +02:00

ipa.fc

Use /run and /run/lock instead of /var

2020-04-15 18:48:50 +02:00

ipa.if

selinux: allow oddjobd to set up ipa_helper_t context for execution

2020-07-06 10:47:18 +03:00

ipa.te

Add missing SELinux rule for ipa-custodia.sock

2020-07-15 14:03:40 +02:00

Makefile.am

Integrate SELinux policy into build system

2020-03-05 09:57:00 +01:00

README.md

Move freeipa-selinux dependency to freeipa-common

2020-03-20 15:18:30 +01:00

README.md

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

/var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
/usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
/var/lib/ipa-client(/.*)? is owned by realmd policy