diff options
| -rw-r--r-- | ipa.spec.in | 4 | ||||
| -rw-r--r-- | selinux/ipa_kpasswd/ipa_kpasswd.te | 8 |
2 files changed, 11 insertions, 1 deletions
diff --git a/ipa.spec.in b/ipa.spec.in index 44b9e88a9..c84b7e860 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -85,7 +85,9 @@ Requires: python-krbV Requires: acl Requires: python-pyasn1 >= 0.0.9a Requires: libcap -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +%{?fc12:Requires: selinux-policy >= 3.6.32-123} +%{?fc13:Requires: selinux-policy >= 3.7.19-40} +%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6 Requires: selinux-policy %endif Requires(post): selinux-policy-base diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te index b5203a4ef..07312ce98 100644 --- a/selinux/ipa_kpasswd/ipa_kpasswd.te +++ b/selinux/ipa_kpasswd/ipa_kpasswd.te @@ -69,3 +69,11 @@ require { }; allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms; + +optional_policy(` + gen_require(` + type kerberos_password_port_t; + ') + corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t) +') + |