From d83b760d1f76a3ba8e527dd27551e51a600b22c0 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 15 Jul 2020 10:23:35 +0200
Subject: [PATCH] Add missing SELinux rule for ipa-custodia.sock
A SELinux rule for ipa_custodia_stream_connect(httpd_t) was not copied
from upstream rules. It breaks installations on systems that don't have
ipa_custodia_stream_connect in SELinux domain for apache, e.g. RHEL 8.3.
Fixes: https://pagure.io/freeipa/issue/8412
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
---
selinux/ipa.te | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/selinux/ipa.te b/selinux/ipa.te
index a3381217a4..c4c3fa805e 100644
--- a/selinux/ipa.te
+++ b/selinux/ipa.te
@@ -378,6 +378,13 @@ optional_policy(`
ipa_search_lib(ipa_custodia_t)
')
+optional_policy(`
+ gen_require(`
+ type httpd_t;
+ ')
+ ipa_custodia_stream_connect(httpd_t)
+')
+
optional_policy(`
pki_manage_tomcat_etc_rw(ipa_custodia_t)
pki_read_tomcat_cert(ipa_custodia_t)
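Review bot: The new `optional_policy` block grants `httpd_t` connect access to the ipa-custodia socket without a comment saying why Apache needs it, so a later policy audit cannot tell whether the grant is still required. I would add a line above `ipa_custodia_stream_connect(httpd_t)` such as `# httpd_t must reach ipa-custodia.sock; rule was missing from the copy of the upstream policy (pagure #8412)`. Because the grant is domain-wide, every process confined as `httpd_t` on the host can open the socket, so what a caller may retrieve presumably rests on custodia's own authorization and the socket file mode; that is worth confirming and stating in the comment. The block sits in `optional_policy`, so it is expected to be skipped quietly when `httpd_t` is not defined; running `sesearch -A -s httpd_t -t ipa_custodia_t` after install should show whether the rule actually loaded.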