author | Evgeny Sinelnikov <sin@altlinux.ru> | 2011-12-03 09:44:38 +0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-12-04 17:25:50 -0500 |
commit | 89d9ad428cf48a3aac55173ecf074e0a234a5ee5 (patch) | |
tree | 53ced649ec4844f5dc9926570ff9a47adbce0371 | |
parent | 455ce3c67e04bb7d0aa17c961f426ba4e073af84 (diff) | |
ipa_kpasswd: Update selinux policies for ldap and urandom
Fixes: https://fedorahosted.org/freeipa/ticket/2160
-rw-r--r-- | selinux/ipa_kpasswd/ipa_kpasswd.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
index 292be7b8..eefb70bc 100644
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -64,6 +64,7 @@ corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
 corenet_udp_bind_all_nodes(ipa_kpasswd_t)
 corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
 corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
+corenet_tcp_connect_ldap_port(ipa_kpasswd_t)
 require {
 type krb5kdc_conf_t;
 };
@@ -78,3 +79,8 @@ optional_policy(`
 corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
 ')
+require {
+ type urandom_device_t;
+}
+
+allow ipa_kpasswd_t urandom_device_t:chr_file { open read getattr }; |
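Review bot: The added `corenet_tcp_connect_ldap_port(ipa_kpasswd_t)` at the end of the corenet block has no comment saying which connection it covers. As far as I know this interface permits outbound TCP connections to any port labelled as LDAP, on any host, not only to the local directory server. For a daemon that handles password changes this widens its network reach, so the reason belongs next to the rule, for example `# kpasswd connects to the directory server over TCP (ticket 2160)`, with the wording adjusted to the actual denial. If the daemon can use the local LDAPI socket instead, a stream-connect rule to the directory server domain would be narrower; whether it can depends on code not visible in this diff.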
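Review bot: The raw `allow ipa_kpasswd_t urandom_device_t:chr_file { open read getattr };` and its own `require` block, added after the `optional_policy` block, refer directly to a type owned by the base policy, while the rest of the file uses interfaces (`corenet_*`). The reference policy interface `dev_read_urand(ipa_kpasswd_t)` grants the standard read permission set on the urandom device and would replace all four added lines. It also avoids hard-coding the `open` permission, which presumably fails to compile against older base policies that do not define it. If the raw rule is kept, the new `require { ... }` closes with `}` while the existing `krb5kdc_conf_t` block in the first hunk closes with `};`, so one form should be used throughout.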