6832829 SELinux Policy: let custodia replicate keys

1 file. Authored by François Cami 3 years ago, committed by rcritten 3 years ago.
    SELinux Policy: let custodia replicate keys
    
    Enhance the SELinux policy so that custodia can replicate sub-CA keys
    and certificates:
    allow ipa_custodia_t self:tcp_socket { bind create };
    allow ipa_custodia_t node_t:tcp_socket node_bind;
    allow ipa_custodia_t pki_tomcat_cert_t:dir remove_name;
    allow ipa_custodia_t pki_tomcat_cert_t:file create;
    allow ipa_custodia_t pki_tomcat_cert_t:file unlink;
    allow ipa_custodia_t self:process execmem;
    
    Found by: test_replica_promotion::TestSubCAkeyReplication
    
    Fixes: https://pagure.io/freeipa/issue/8488
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+11 -0
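
Review bot: `allow ipa_custodia_t self:process execmem;`, the last rule listed in the commit message, is granted with no stated reason, and it is the broadest of the six listed: it lets the custodia domain create memory mappings that are both writable and executable. The socket rules and the create/unlink/remove_name rules on pki_tomcat_cert_t follow directly from replicating sub-CA keys and certificates, but this one does not. Please add a comment next to the rule in the policy source naming the component that triggered the denial in TestSubCAkeyReplication, so the permission can be dropped if that dependency changes.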