[Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi
Jenny Galipeau
jgalipea at redhat.com
Thu Sep 10 14:40:53 UTC 2009
Simo Sorce wrote:
> On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote:
>
>> Rob Crittenden wrote:
>>
>>> The management framework wasn't working with SELinux over ldapi because
>>> it lacked permission to access the unix socket. This patch grants
>>> permission.
>>>
>>>
>> Probably easier to review with the patch attached.
>>
>
> The patch was attached :-)
>
> One question comes to mind though, you are giving access to any socket
> labeled initrc_t (if my selinux policy reading skills are good enough,
> which may not be).
>
> Shouldn't we discuss with the DS team to have a more specific label for
> this socket?
>
Nathan is currently working on the DS SELinux policy ...
> Simo.
>
>
--
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
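
Added example, not part of the original message or of the FreeIPA patch: a small policy check that flags the kind of grant questioned in the thread, where `connectto` on a unix stream socket is allowed against a generic domain such as initrc_t. The `httpd_t` source domain, the `example_*` type names and the sample policy text are assumptions constructed for illustration.

```python
import re

# Domains shared by many unrelated services; a connectto grant against one of
# them covers every socket owned by a process in that domain.
# (Set chosen for this example.)
GENERIC_DOMAINS = {"initrc_t", "unconfined_t"}

TOK = r"(\{[^}]*\}|\w+)"  # a single identifier or a { brace set }
ALLOW_RE = re.compile(rf"^\s*allow\s+{TOK}\s+{TOK}\s*:\s*{TOK}\s+{TOK}\s*;")


def _items(token):
    """Expand 'a' or '{ a b }' into a list of names."""
    return token.strip("{}").split()


def broad_socket_grants(policy_text):
    """Return (line, source, target) for each allow rule that grants
    unix_stream_socket connectto against a generic domain."""
    findings = []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        line = line.split("#", 1)[0]  # drop policy comments
        m = ALLOW_RE.match(line)
        if not m:
            continue
        sources, targets, classes, perms = (_items(g) for g in m.groups())
        if "unix_stream_socket" in classes and "connectto" in perms:
            for tgt in targets:
                if tgt in GENERIC_DOMAINS:
                    findings.extend((lineno, src, tgt) for src in sources)
    return findings


# Constructed sample policy. httpd_t and the example_* types are assumptions.
SAMPLE_POLICY = """
# broad: target is the generic init-script domain
allow httpd_t initrc_t:unix_stream_socket connectto;
# narrower: the directory server runs in its own (hypothetical) domain
allow httpd_t example_ds_t:unix_stream_socket connectto;
allow httpd_t example_ds_var_run_t:sock_file write;
allow { httpd_t example_tool_t } { initrc_t example_ds_t }:unix_stream_socket { connectto read };
"""

if __name__ == "__main__":
    for lineno, src, tgt in broad_socket_grants(SAMPLE_POLICY):
        print(f"line {lineno}: {src} may connect to any {tgt} stream socket")
```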