637ccae Allow ipa-otpd to access USB devices for passkeys

1 file. Authored by abbra 8 months ago, committed by frenaud 8 months ago.
    Allow ipa-otpd to access USB devices for passkeys
    
    Main SELinux policy will allow transition of passkey_child (SSSD) to
    ipa_otpd_t context to perform FIDO2 operations with USB devices.
    This means ipa-otpd will need to be able to read data from sysfs and
    connect to USB devices.
    
    Add required permissions to IPA subpolicy as well. See rhbz#2238224 for
    discussion.
    
    Related: https://pagure.io/freeipa/issue/9434
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    
        
file modified: +2 -0