From d214ba7547fdda279fa3fd38129a600979d6213b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 21 Dec 2011 14:44:06 +0200
Subject: Re-enable web password migration on Fedora 16 after SE Linux policy
 restrictions

Web password migration tool uses connection to the LDAPI socket.
Enable access to the ns-slapd socket.
---
 selinux/ipa_httpd/ipa_httpd.te | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'selinux')

diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index 65b161fe..64525ba9 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -7,6 +7,7 @@ require {
         type var_run_t;
         type krb5kdc_t;
         type cert_t;
+        type dirsrv_t;
         class sock_file write;
         class unix_stream_socket connectto;
         class file write;
@@ -15,6 +16,7 @@ require {
 # Let Apache, bind and the KDC talk to DS over ldapi
 allow httpd_t var_run_t:sock_file write;
 allow httpd_t initrc_t:unix_stream_socket connectto;
+allow httpd_t dirsrv_t:unix_stream_socket connectto;
 allow krb5kdc_t var_run_t:sock_file write;
 allow krb5kdc_t initrc_t:unix_stream_socket connectto;
 allow named_t var_run_t:sock_file write;
-- 
cgit