selinux: enable httpd_run_ipa to allow communicating with oddjobd services

A new SELinux policy allows communication between IPA framework running under Apache with oddjobd-based services via DBus. This communication is crucial for one-way trust support and also is required for any out of band tools which may be executed by IPA framework. Details of out of band communication and SELinux policy can be found in a bug https://bugzilla.redhat.com/show_bug.cgi?id=1238165 Reviewed-By: Tomas Babej <tbabej@redhat.com>
author: Alexander Bokovoy <abokovoy@redhat.com> 2015-07-14 11:11:36 +0000
committer: Tomas Babej <tbabej@redhat.com> 2015-07-16 12:42:43 +0200
commit: 706c00361544a8255c4c05b253e5e9969187a68c (patch)
tree: 0036bc02a92c927c68e022b353f2e23be0848329 /ipaserver
parent: 9d69ad24282d19575295f1b2dd756ad9dd865c63 (diff)
download: freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.gz
freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.xz
freeipa-706c00361544a8255c4c05b253e5e9969187a68c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f5f2a86fc..792825621 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -46,6 +46,7 @@ from ipaplatform import services
 SELINUX_BOOLEAN_SETTINGS = dict(
     httpd_can_network_connect='on',
     httpd_manage_ipa='on',
+    httpd_run_ipa='on',
 )
author	Alexander Bokovoy <abokovoy@redhat.com>	2015-07-14 11:11:36 +0000
committer	Tomas Babej <tbabej@redhat.com>	2015-07-16 12:42:43 +0200
commit	706c00361544a8255c4c05b253e5e9969187a68c (patch)
tree	0036bc02a92c927c68e022b353f2e23be0848329 /ipaserver
parent	9d69ad24282d19575295f1b2dd756ad9dd865c63 (diff)
download	freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.gz freeipa-706c00361544a8255c4c05b253e5e9969187a68c.tar.xz freeipa-706c00361544a8255c4c05b253e5e9969187a68c.zip