diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-14 11:11:36 +0000 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-07-16 12:42:43 +0200 |
| commit | 706c00361544a8255c4c05b253e5e9969187a68c (patch) | |
| tree | 0036bc02a92c927c68e022b353f2e23be0848329 | |
| parent | 9d69ad24282d19575295f1b2dd756ad9dd865c63 (diff) | |
| download | freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.gz freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.xz freeipa-706c00361544a8255c4c05b253e5e9969187a68c.zip | |
selinux: enable httpd_run_ipa to allow communicating with oddjobd services
A new SELinux policy allows communication between IPA framework running
under Apache with oddjobd-based services via DBus.
This communication is crucial for one-way trust support and also is required
for any out of band tools which may be executed by IPA framework.
Details of out of band communication and SELinux policy can be found in a bug
https://bugzilla.redhat.com/show_bug.cgi?id=1238165
Reviewed-By: Tomas Babej <tbabej@redhat.com>
| -rw-r--r-- | freeipa.spec.in | 2 | ||||
| -rw-r--r-- | ipaserver/install/httpinstance.py | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index d9ed9c3f6..bfc021618 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -8,7 +8,7 @@ %global selinux_policy_version 3.12.1-153 %else %global samba_version 2:4.0.5-1 -%global selinux_policy_version 3.12.1-179 +%global selinux_policy_version 3.13.1-128.6 %endif %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index f5f2a86fc..792825621 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -46,6 +46,7 @@ from ipaplatform import services SELINUX_BOOLEAN_SETTINGS = dict( httpd_can_network_connect='on', httpd_manage_ipa='on', + httpd_run_ipa='on', ) |