diff options
| author | Michal Zidek <mzidek@redhat.com> | 2013-03-01 13:44:03 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-03-19 17:50:53 +0100 |
| commit | ba4378f49914e65a7d687a872d9b938173841154 (patch) | |
| tree | 34da787dfa505711546d7d2b4f36a1c5ac47056c /src/providers | |
| parent | 2ff2a7469ef0b23b3feb418f3ecfa8cfbfa2239c (diff) | |
| download | sssd-ba4378f49914e65a7d687a872d9b938173841154.tar.gz sssd-ba4378f49914e65a7d687a872d9b938173841154.tar.xz sssd-ba4378f49914e65a7d687a872d9b938173841154.zip | |
Make the SELinux refresh time configurable.
Option ipa_selinux_refresh is added to basic ipa options.
Diffstat (limited to 'src/providers')
| -rw-r--r-- | src/providers/ipa/ipa_common.h | 1 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_opts.h | 1 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_selinux.c | 5 |
3 files changed, 5 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index f077776bd..e3915bebc 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -47,6 +47,7 @@ enum ipa_basic_opt { IPA_MASTER_DOMAIN_SEARCH_BASE, IPA_KRB5_REALM, IPA_HBAC_REFRESH, + IPA_SELINUX_REFRESH, IPA_HBAC_DENY_METHOD, IPA_HBAC_SUPPORT_SRCHOST, IPA_AUTOMOUNT_LOCATION, diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index a2200d1b1..7923b1ec8 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -45,6 +45,7 @@ struct dp_option ipa_basic_opts[] = { { "ipa_master_domain_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER }, + { "ipa_selinux_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER }, { "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING }, { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING }, diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 489c203d1..6705eea1e 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -811,6 +811,7 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx, int ret = EOK; time_t now; time_t refresh_interval; + struct ipa_options *ipa_options = selinux_ctx->id_ctx->ipa_options; DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n")); req = tevent_req_create(mem_ctx, &state, struct ipa_get_selinux_state); @@ -828,8 +829,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx, offline ? "offline" : "online")); if (!offline) { - /* FIXME: Make the interval configurable */ - refresh_interval = 5; + refresh_interval = dp_opt_get_int(ipa_options->basic, + IPA_SELINUX_REFRESH); now = time(NULL); if (now < selinux_ctx->last_update + refresh_interval) { /* SELinux maps were recently updated -> force offline */ |