6a31605 SELinux Policy: Allow tomcat_t to read kerberos keytabs

Authored and Committed by François Cami 3 years ago
    SELinux Policy: Allow tomcat_t to read kerberos keytabs
    
    This is required to fix:
    avc: denied  { search } for  pid=1930 comm="ipa-pki-retriev" name="krb5" dev="dm-0" ino=8620822 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0
    
    Macros suggested by: Ondrej Mosnacek
    
    Fixes: https://pagure.io/freeipa/issue/8488
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Ondrej Mosnacek <omosnace@redhat.com>
    Reviewed-By: Lukas Vrabec <lvrabec@redhat.com>
    Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
    Reviewed-By: Thomas Woerner <twoerner@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Ondrej Mosnacek <omosnace@redhat.com>
    Reviewed-By: Lukas Vrabec <lvrabec@redhat.com>
    Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
    Reviewed-By: Thomas Woerner <twoerner@redhat.com>
    
        
file modified
+8 -0
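The AVC denial quoted in the commit message can be broken into its fields to see exactly which access was blocked. The following is an added example, not code from the FreeIPA commit: the function names are hypothetical, and the output is the raw `allow` rule the denial corresponds to, not the macros the commit used (those are not shown on this page).

```python
import re

# The denial quoted in the commit message above.
AVC_LINE = ('avc: denied  { search } for  pid=1930 comm="ipa-pki-retriev" '
            'name="krb5" dev="dm-0" ino=8620822 '
            'scontext=system_u:system_r:tomcat_t:s0 '
            'tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split an AVC message into a dict of its key=value fields."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC message")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(context):
    """Return the type from a user:role:type:level security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]

def raw_allow_rule(avc):
    """Build the minimal allow rule matching one parsed denial."""
    src = context_type(avc['scontext'])
    tgt = context_type(avc['tcontext'])
    perms = ' '.join(sorted(avc['perms']))
    return "allow %s %s:%s { %s };" % (src, tgt, avc['tclass'], perms)

def triage(line):
    """Summarise a denial: the rule, the process, and whether it was enforced."""
    avc = parse_avc(line)
    return {'rule': raw_allow_rule(avc),
            'process': avc.get('comm'),
            'enforced': avc.get('permissive') == '0'}

if __name__ == '__main__':
    print(triage(AVC_LINE))
```

With `permissive=0` the blocked operation stops at the first denied access, so this single `search` denial is a lower bound on what the domain needs; further denials can appear once it is allowed.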