selinux: enable httpd_run_ipa to allow communicating with oddjobd services

A new SELinux policy allows communication between IPA framework running under Apache with oddjobd-based services via DBus. This communication is crucial for one-way trust support and also is required for any out of band tools which may be executed by IPA framework. Details of out of band communication and SELinux policy can be found in a bug https://bugzilla.redhat.com/show_bug.cgi?id=1238165 Reviewed-By: Tomas Babej <tbabej@redhat.com>
author: Alexander Bokovoy <abokovoy@redhat.com> 2015-07-14 11:11:36 +0000
committer: Tomas Babej <tbabej@redhat.com> 2015-07-16 12:42:43 +0200
commit: 5b9ea329cef4d976694794f1b1b91714f6ac07c2 (patch)
tree: a1d939e90d4f0e782f9a5e3b3df0ef703bb84a99 /ipaserver
parent: 6275d94df30c0c17d2317ad0fba3b28d433efa06 (diff)
download: freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.tar.gz
freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.tar.xz
freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f5f2a86fc..792825621 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -46,6 +46,7 @@ from ipaplatform import services
 SELINUX_BOOLEAN_SETTINGS = dict(
     httpd_can_network_connect='on',
     httpd_manage_ipa='on',
+    httpd_run_ipa='on',
 )
author	Alexander Bokovoy <abokovoy@redhat.com>	2015-07-14 11:11:36 +0000
committer	Tomas Babej <tbabej@redhat.com>	2015-07-16 12:42:43 +0200
commit	5b9ea329cef4d976694794f1b1b91714f6ac07c2 (patch)
tree	a1d939e90d4f0e782f9a5e3b3df0ef703bb84a99 /ipaserver
parent	6275d94df30c0c17d2317ad0fba3b28d433efa06 (diff)
download	freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.tar.gz freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.tar.xz freeipa-5b9ea329cef4d976694794f1b1b91714f6ac07c2.zip