WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

IPA-tuura: SELinux again

Browse Source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
2025-10-23 17:04:52 +02:00
parent 7bbe6091d7
commit 2062329c2d
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/ipatuura/files/local-ipatuura.te
View File

@@ -1,18 +1,21 @@
module local-ipatuura 1.0;
module local-ipatuura 1.1;
require {
type httpd_t;
type sssd_conf_t;
type realmd_var_lib_t;
type systemd_logind_t;
class file { read write };
type certmonger_t;
class file { open read unlink write };
class dbus send_msg;
}
#============= httpd_t ==============
allow httpd_t sssd_conf_t:file read;
allow httpd_t sssd_conf_t:file { read open };
# Write to /var/lib/ipa-client
allow httpd_t realmd_var_lib_t:file write;
# Send messages on DBUS
allow httpd_t systemd_logind_t:dbus send_msg;
allow httpd_t certmonger_t:dbus send_msg;
# Remove files in /etc/ipa/nssdb on uninstall
allow httpd_t cert_t:file unlink;