From ba4378f49914e65a7d687a872d9b938173841154 Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Fri, 1 Mar 2013 13:44:03 +0100
Subject: Make the SELinux refresh time configurable. Option ipa_selinux_refresh is added to basic ipa options.
---
 src/providers/ipa/ipa_common.h | 1 +
 src/providers/ipa/ipa_opts.h | 1 +
 src/providers/ipa/ipa_selinux.c | 5 +++--
 3 files changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/providers')
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index f077776bd..e3915bebc 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -47,6 +47,7 @@ enum ipa_basic_opt {
 IPA_MASTER_DOMAIN_SEARCH_BASE,
 IPA_KRB5_REALM,
 IPA_HBAC_REFRESH,
+ IPA_SELINUX_REFRESH,
 IPA_HBAC_DENY_METHOD,
 IPA_HBAC_SUPPORT_SRCHOST,
 IPA_AUTOMOUNT_LOCATION,
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index a2200d1b1..7923b1ec8 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -45,6 +45,7 @@ struct dp_option ipa_basic_opts[] = {
 { "ipa_master_domain_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
 { "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
+ { "ipa_selinux_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
 { "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING },
 { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING },
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 489c203d1..6705eea1e 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
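Review bot: The new `ipa_selinux_refresh` row in `ipa_basic_opts` gives a bare default of 5 with nothing stating its unit or the fact that its position must stay in step with `IPA_SELINUX_REFRESH` in `enum ipa_basic_opt`. The value is later added to a `time_t` in ipa_get_selinux_send, so it is presumably seconds; a short comment on the row such as `/* seconds between SELinux map refreshes; index must match IPA_SELINUX_REFRESH */` would record both. This view is limited to src/providers, so whether the option is also described in the user-facing documentation cannot be checked from here.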
@@ -811,6 +811,7 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
 int ret = EOK;
 time_t now;
 time_t refresh_interval;
+ struct ipa_options *ipa_options = selinux_ctx->id_ctx->ipa_options;
 DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n"));
 req = tevent_req_create(mem_ctx, &state, struct ipa_get_selinux_state);
@@ -828,8 +829,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
 offline ? "offline" : "online"));
 if (!offline) {
- /* FIXME: Make the interval configurable */
- refresh_interval = 5;
+ refresh_interval = dp_opt_get_int(ipa_options->basic,
+ IPA_SELINUX_REFRESH);
 now = time(NULL);
 if (now < selinux_ctx->last_update + refresh_interval) {
 /* SELinux maps were recently updated -> force offline */
-- cgit
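Review bot: The configured value from `dp_opt_get_int(ipa_options->basic, IPA_SELINUX_REFRESH)` in the second hunk is stored in `refresh_interval` with no range check or statement of its unit, and the removed FIXME leaves no comment behind. With zero or a negative setting, `now < selinux_ctx->last_update + refresh_interval` is never true, so every online request refetches the maps; with a very large setting the cached SELinux user maps stay in use for that long. I would replace the FIXME with `/* ipa_selinux_refresh is in seconds; <= 0 refreshes on every request */` and consider logging and falling back to the default when the value is negative. The function starts and ends outside both hunks, so it is not visible whether `selinux_ctx->id_ctx` is validated before the new initializer in the first hunk dereferences it.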