[Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

Simo Sorce ssorce at redhat.com
Thu Sep 10 14:34:52 UTC 2009


On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > The management framework wasn't working with SELinux over ldapi because 
> > it lacked permission to access the unix socket. This patch grants 
> > permission.
> >
> 
> Probably easier to review with the patch attached.

The patch was attached :-)

One question comes to mind though: you are giving access to any socket
labeled initrc_t (if my SELinux policy reading skills are good enough,
which they may not be).

Shouldn't we discuss with the DS team to have a more specific label for
this socket?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



