IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
9caea3205c
freeipa/selinux
History
Florence Blanc-Renaud c0f71b0525 passkey: adjust selinux security context for passkey_child 
SSSD ships passkey_child binary in /usr/libexec/sssd and
it needs the same security context as /usr/libexec/sssd/oidc_child
(ipa_otpd_exec_t type).

Add the context in the SELinux policy provided by IPA.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2169438

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2023-06-01 08:20:37 +02:00
..
ipa.fc passkey: adjust selinux security context for passkey_child 2023-06-01 08:20:37 +02:00
ipa.if Add ipa_pki_retrieve_key_exec() interface 2020-09-23 15:23:28 +02:00
ipa.te External IdP: initial SELinux policy 2022-05-10 15:52:41 +03:00
Makefile.am Integrate SELinux policy into build system 2020-03-05 09:57:00 +01:00
README.md Move freeipa-selinux dependency to freeipa-common 2020-03-20 15:18:30 +01:00

README.md

IPA SELinux policy

The ipa SELinux policy is used by IPA client and server. The policy was forked off from Fedora upstream policy at commit b1751347f4af99de8c88630e2f8d0a352d7f5937.

Some file locations are owned by other policies:

  • /var/lib/ipa/pki-ca/publish(/.*)? is owned by Dogtag PKI policy
  • /usr/lib/ipa/certmonger(/.*)? is owned by certmonger policy
  • /var/lib/ipa-client(/.*)? is owned by realmd policy