diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-11-02 12:58:40 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-11-30 11:12:51 -0500 |
commit | c8d522bc98fb11be92529259e7a2072796012910 (patch) | |
tree | 635dc79adff066f3165ee0a427aada18dc0a6b4d /daemons/ipa-kdb | |
parent | 0833f594c15d05b6ead7e7ca15aabe34fa09a766 (diff) | |
download | freeipa-c8d522bc98fb11be92529259e7a2072796012910.tar.gz freeipa-c8d522bc98fb11be92529259e7a2072796012910.tar.xz freeipa-c8d522bc98fb11be92529259e7a2072796012910.zip |
Update SELinux policy for dogtag10
Incorporate SELinux policy changes introduced in Dogtag 10 in IPA
SELinux policy:
- dogtag10 now runs with pki_tomcat_t context instead of pki_ca_t
- certmonger related rule are now integrated in system policy and
can be removed from IPA policy
Also remove redundant SELinux rules for connection of httpd_t, krb5kdc_t
or named_t to DS socket. The socket has different target type anyway
(dirsrv_var_run_t) and the policy allowing this is already in
system.
https://fedorahosted.org/freeipa/ticket/3234
Diffstat (limited to 'daemons/ipa-kdb')
0 files changed, 0 insertions, 0 deletions