diff options
author | Michal Zidek <mzidek@redhat.com> | 2013-02-07 19:35:37 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-03-19 17:50:53 +0100 |
commit | b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858 (patch) | |
tree | 990fcb7fa6901faf4f2b7befea8912324106dad5 /src/providers/ipa/ipa_selinux.h | |
parent | 1f469537545a20b62cb35966033be24e1c0cae39 (diff) | |
download | sssd2-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.gz sssd2-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.xz sssd2-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.zip |
Move SELinux processing to provider.
The SELinux processing was distributed between provider and
pam responder which resulted in hard to maintain code. This
patch moves the logic to provider.
IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because
the provider also writes the content of selinux login
file to disk (which was done by responder before).
https://fedorahosted.org/sssd/ticket/1743
Diffstat (limited to 'src/providers/ipa/ipa_selinux.h')
-rw-r--r-- | src/providers/ipa/ipa_selinux.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_selinux.h b/src/providers/ipa/ipa_selinux.h index 60c22110..0f3fadd3 100644 --- a/src/providers/ipa/ipa_selinux.h +++ b/src/providers/ipa/ipa_selinux.h @@ -27,6 +27,13 @@ #include "providers/ldap/ldap_common.h" +#ifdef HAVE_SELINUX_LOGIN_DIR + +#define ALL_SERVICES "*" +#define selogin_path(mem_ctx, username) \ + talloc_asprintf(mem_ctx, "%s/logins/%s", selinux_policy_root(), username) +#endif + struct ipa_selinux_ctx { struct ipa_id_ctx *id_ctx; |