freeipa/selinux
Vit Mojzis b9d3860c8a selinux: Fix/waive issues reported by SELint
- order permissions alphabeticaly
- do not use semicollon after interfaces
- gen_require should only be used in interfaces
-- to resolve this issue, corresponding changes have to be made in
distribution policy instead of ipa module - disabling check

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-12-18 20:35:15 +02:00
..
ipa.fc SELinux: Add dedicated policy for ipa-pki-retrieve-key 2020-09-22 18:05:38 +02:00
ipa.if Add ipa_pki_retrieve_key_exec() interface 2020-09-23 15:23:28 +02:00
ipa.te selinux: Fix/waive issues reported by SELint 2020-12-18 20:35:15 +02:00
Makefile.am Integrate SELinux policy into build system 2020-03-05 09:57:00 +01:00
README.md Move freeipa-selinux dependency to freeipa-common 2020-03-20 15:18:30 +01:00

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

  • /var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
  • /usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
  • /var/lib/ipa-client(/.*)? is owned by realmd policy