diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2011-12-21 14:44:06 +0200 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2011-12-21 14:44:06 +0200 |
commit | d214ba7547fdda279fa3fd38129a600979d6213b (patch) | |
tree | 4278d7c17cb5c92be749678b8c7cec25f2361ea8 /selinux | |
parent | d27b23d4315d24e62d83ddf0012b347ffad36e9c (diff) | |
download | freeipa.git-d214ba7547fdda279fa3fd38129a600979d6213b.tar.gz freeipa.git-d214ba7547fdda279fa3fd38129a600979d6213b.tar.xz freeipa.git-d214ba7547fdda279fa3fd38129a600979d6213b.zip |
Re-enable web password migration on Fedora 16 after SE Linux policy restrictions
Web password migration tool uses connection to the LDAPI socket.
Enable access to the ns-slapd socket.
Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te index 65b161fe..64525ba9 100644 --- a/selinux/ipa_httpd/ipa_httpd.te +++ b/selinux/ipa_httpd/ipa_httpd.te @@ -7,6 +7,7 @@ require { type var_run_t; type krb5kdc_t; type cert_t; + type dirsrv_t; class sock_file write; class unix_stream_socket connectto; class file write; @@ -15,6 +16,7 @@ require { # Let Apache, bind and the KDC talk to DS over ldapi allow httpd_t var_run_t:sock_file write; allow httpd_t initrc_t:unix_stream_socket connectto; +allow httpd_t dirsrv_t:unix_stream_socket connectto; allow krb5kdc_t var_run_t:sock_file write; allow krb5kdc_t initrc_t:unix_stream_socket connectto; allow named_t var_run_t:sock_file write; |