From c0f71b052560e5ac9782c582f151ca0bc7312d62 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Jun 01 2023 06:20:37 +0000 Subject: passkey: adjust selinux security context for passkey_child SSSD ships passkey_child binary in /usr/libexec/sssd and it needs the same security context as /usr/libexec/sssd/oidc_child (ipa_otpd_exec_t type). Add the context in the SELinux policy provided by IPA. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2169438 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Alexander Bokovoy --- diff --git a/selinux/ipa.fc b/selinux/ipa.fc index e17f5ca..700e3a1 100644 --- a/selinux/ipa.fc +++ b/selinux/ipa.fc @@ -9,6 +9,7 @@ /usr/libexec/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0) /usr/libexec/ipa/ipa-otpd -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0) /usr/libexec/sssd/oidc_child -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0) +/usr/libexec/sssd/passkey_child -- gen_context(system_u:object_r:ipa_otpd_exec_t,s0) /usr/libexec/ipa/ipa-ods-exporter -- gen_context(system_u:object_r:ipa_ods_exporter_exec_t,s0)
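Review bot: The new `/usr/libexec/sssd/passkey_child` entry in `selinux/ipa.fc` labels a binary that, per the commit message, is shipped by SSSD rather than IPA, so a copy already on disk keeps its previous label until it is relabelled. Please confirm that installing or upgrading the IPA policy module runs a relabel (for example `restorecon`) on that path, or note the manual step in the commit message. The patch touches only `ipa.fc`, so `passkey_child` inherits whatever rules already apply to `ipa_otpd_exec_t`. It is worth stating in the commit message that the rules written for `oidc_child` were checked against what `passkey_child` needs, and a short comment above the two `/usr/libexec/sssd/` lines saying why SSSD helpers carry an IPA type would help later readers of the file.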