diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2016-01-15 08:07:21 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-02-11 18:40:39 +0100 |
| commit | b3411dc985c26146c91c2733ebdc0c098ec22266 (patch) | |
| tree | db3ae71c190b6d76b76be8458a99f3cc39b5aa18 | |
| parent | 87ee451c7d9b311192893b2a2c82d8d757281fa6 (diff) | |
| download | freeipa-b3411dc985c26146c91c2733ebdc0c098ec22266.tar.gz freeipa-b3411dc985c26146c91c2733ebdc0c098ec22266.tar.xz freeipa-b3411dc985c26146c91c2733ebdc0c098ec22266.zip | |
replica promotion: fix AVC denials in remote connection check
Also move com.redhat.idm.trust-fetch-domains to /usr/libexec/ipa/oddjob.
https://fedorahosted.org/freeipa/ticket/5550
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
| -rw-r--r-- | freeipa.spec.in | 7 | ||||
| -rw-r--r-- | install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf | 2 |
2 files changed, 3 insertions, 6 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index c8a52161f..54a11bfc8 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -14,7 +14,7 @@ %global selinux_policy_version 3.12.1-153 %else %global samba_version 2:4.0.5-1 -%global selinux_policy_version 3.13.1-128.6 +%global selinux_policy_version 3.13.1-158.4 %endif %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') @@ -698,9 +698,6 @@ make client-install DESTDIR=%{buildroot} mkdir -p %{buildroot}%{_usr}/share/ipa %if ! %{ONLY_CLIENT} -# FIXME: https://bugzilla.redhat.com/show_bug.cgi?id=1289930 -mv %{buildroot}%{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains %{buildroot}%{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains - # Remove .la files from libtool - we don't want to package # these files rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la @@ -1224,7 +1221,7 @@ fi %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so %{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf %{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf -%%attr(755,root,root) %{_libexecdir}/ipa/com.redhat.idm.trust-fetch-domains +%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains %endif # ONLY_CLIENT diff --git a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf index 17817de09..bc2e8d191 100644 --- a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf +++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf @@ -10,7 +10,7 @@ </interface> <interface name="com.redhat.idm.trust"> <method name="fetch_domains"> - <helper exec="/usr/libexec/ipa/com.redhat.idm.trust-fetch-domains" + <helper exec="/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains" arguments="1" argument_passing_method="cmdline" prepend_user_name="no"/> |