summaryrefslogtreecommitdiffstats
path: root/selinux
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-10-14 14:42:30 -0400
committerRob Crittenden <rcritten@redhat.com>2010-10-22 21:43:00 -0400
commitb270542863eb5d9fec2b9c66f700ae54dd1584a9 (patch)
treeb7d8ad9b7f3375efcf58e7bae1b1a1df730ca5db /selinux
parent9726941e3d8cfd653034af09d34986b9f9dfdadf (diff)
downloadfreeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.zip
freeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.tar.gz
freeipa-b270542863eb5d9fec2b9c66f700ae54dd1584a9.tar.xz
Grant /usr/sbin/ipa_kpasswd "name_bind" access.
Requires selinux-policy-3.6.32-123 on F12 Requires selinux-policy-3.7.19-40 on F13 ticket 73
Diffstat (limited to 'selinux')
-rw-r--r--selinux/ipa_kpasswd/ipa_kpasswd.te8
1 files changed, 8 insertions, 0 deletions
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
index b5203a4..07312ce 100644
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -69,3 +69,11 @@ require {
};
allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
+
+optional_policy(`
+ gen_require(`
+ type kerberos_password_port_t;
+ ')
+ corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t)
+')
+