shanks / freeipa

Forked from freeipa 5 years ago
Clone
Source Code
GIT

c8d522b Update SELinux policy for dogtag10

2 files Authored by mkosek 11 years ago, Committed by rcritten 11 years ago,
raw patch tree parent
2 files changed. 13 lines added. 37 lines removed.
selinux/ipa_dogtag/ipa_dogtag.te
file modified
+11 -21
selinux/ipa_httpd/ipa_httpd.te
file modified
+2 -16 
    Update SELinux policy for dogtag10
    
    Incorporate SELinux policy changes introduced in Dogtag 10 in IPA
    SELinux policy:
    - dogtag10 now runs with pki_tomcat_t context instead of pki_ca_t
    - certmonger related rule are now integrated in system policy and
      can be removed from IPA policy
    
    Also remove redundant SELinux rules for connection of httpd_t, krb5kdc_t
    or named_t to DS socket. The socket has different target type anyway
    (dirsrv_var_run_t) and the policy allowing this is already in
    system.
    
    https://fedorahosted.org/freeipa/ticket/3234
file modified
+11 -21
file modified
+2 -16
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.