diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-10-14 14:42:30 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-22 21:43:00 -0400 |
| commit | b270542863eb5d9fec2b9c66f700ae54dd1584a9 (patch) | |
| tree | b7d8ad9b7f3375efcf58e7bae1b1a1df730ca5db /selinux | |
| parent | 9726941e3d8cfd653034af09d34986b9f9dfdadf (diff) | |
| download | freeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.tar.gz freeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.tar.xz freeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.zip | |
Grant /usr/sbin/ipa_kpasswd "name_bind" access.
Requires selinux-policy-3.6.32-123 on F12
Requires selinux-policy-3.7.19-40 on F13
ticket 73
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/ipa_kpasswd/ipa_kpasswd.te | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te index b5203a4ef..07312ce98 100644 --- a/selinux/ipa_kpasswd/ipa_kpasswd.te +++ b/selinux/ipa_kpasswd/ipa_kpasswd.te @@ -69,3 +69,11 @@ require { }; allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms; + +optional_policy(` + gen_require(` + type kerberos_password_port_t; + ') + corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t) +') + |