selinux: modify policy to allow one-way trust
In selinux enforcing mode, the command ipa trust-add fails
to establish a one-way trust, during the step fetching the remote
domains.
This step calls a script over DBus and oddjob, that is executed
with oddjob_t context. The policy must allow noatsecure.
Currently the optional_policy is defined in selinux-policy
repo but is ineffective as ipa_helper_noatsecure is not defined
in this repo. When the optional_policy is defined in our own
module, it is taken into account and ipa trust-add succeeds.
Fixes: https://pagure.io/freeipa/issue/8508
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>