0c5ab6443d
Rebuild SLAPI plugins against thread-safe ldap library as requirement of new 389-ds build
36 lines
1.3 KiB
Diff
36 lines
1.3 KiB
Diff
From d214ba7547fdda279fa3fd38129a600979d6213b Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 21 Dec 2011 14:44:06 +0200
|
|
Subject: [PATCH] Re-enable web password migration on Fedora 16 after SE Linux
|
|
policy restrictions
|
|
|
|
Web password migration tool uses connection to the LDAPI socket.
|
|
Enable access to the ns-slapd socket.
|
|
---
|
|
selinux/ipa_httpd/ipa_httpd.te | 2 ++
|
|
1 files changed, 2 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
|
|
index 65b161fe58cbe64c476fc6abb17b68d741d5d321..64525ba99ad2c455941a937d77ea5cc1af6c68d0 100644
|
|
--- a/selinux/ipa_httpd/ipa_httpd.te
|
|
+++ b/selinux/ipa_httpd/ipa_httpd.te
|
|
@@ -7,6 +7,7 @@ require {
|
|
type var_run_t;
|
|
type krb5kdc_t;
|
|
type cert_t;
|
|
+ type dirsrv_t;
|
|
class sock_file write;
|
|
class unix_stream_socket connectto;
|
|
class file write;
|
|
@@ -15,6 +16,7 @@ require {
|
|
# Let Apache, bind and the KDC talk to DS over ldapi
|
|
allow httpd_t var_run_t:sock_file write;
|
|
allow httpd_t initrc_t:unix_stream_socket connectto;
|
|
+allow httpd_t dirsrv_t:unix_stream_socket connectto;
|
|
allow krb5kdc_t var_run_t:sock_file write;
|
|
allow krb5kdc_t initrc_t:unix_stream_socket connectto;
|
|
allow named_t var_run_t:sock_file write;
|
|
--
|
|
1.7.8
|
|
|