pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0008-selinux-enable-httpd_run_ipa-to-allow-communicating-.patch

590d18
From aad359de280a0c28e9a9305fd93b48cd40ddddd8 Mon Sep 17 00:00:00 2001
590d18
From: Alexander Bokovoy <abokovoy@redhat.com>
590d18
Date: Tue, 14 Jul 2015 11:11:36 +0000
590d18
Subject: [PATCH] selinux: enable httpd_run_ipa to allow communicating with
590d18
 oddjobd services
590d18
590d18
A new SELinux policy allows communication between IPA framework running
590d18
under Apache with oddjobd-based services via DBus.
590d18
590d18
This communication is crucial for one-way trust support and also is required
590d18
for any out of band tools which may be executed by IPA framework.
590d18
590d18
Details of out of band communication and SELinux policy can be found in a bug
590d18
https://bugzilla.redhat.com/show_bug.cgi?id=1238165
590d18
590d18
Reviewed-By: Tomas Babej <tbabej@redhat.com>
590d18
---
590d18
 freeipa.spec.in                   | 2 +-
590d18
 ipaserver/install/httpinstance.py | 1 +
590d18
 2 files changed, 2 insertions(+), 1 deletion(-)
590d18
590d18
diff --git a/freeipa.spec.in b/freeipa.spec.in
590d18
index a819710b2bad16a5c17b77670cdb29cb4b09ad8f..5790f7941d2117ed95d3c99556f1579c27917270 100644
590d18
--- a/freeipa.spec.in
590d18
+++ b/freeipa.spec.in
590d18
@@ -8,7 +8,7 @@
590d18
 %global selinux_policy_version 3.12.1-153
590d18
 %else
590d18
 %global samba_version 2:4.0.5-1
590d18
-%global selinux_policy_version 3.12.1-179
590d18
+%global selinux_policy_version 3.13.1-128.6
590d18
 %endif
590d18
 
590d18
 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
590d18
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
590d18
index f5f2a86fca3a1ff3e9123d08052a7e57b50a94fe..792825621f68844a2b0b1265eeeb37e4247d66f8 100644
590d18
--- a/ipaserver/install/httpinstance.py
590d18
+++ b/ipaserver/install/httpinstance.py
590d18
@@ -46,6 +46,7 @@ from ipaplatform import services
590d18
 SELINUX_BOOLEAN_SETTINGS = dict(
590d18
     httpd_can_network_connect='on',
590d18
     httpd_manage_ipa='on',
590d18
+    httpd_run_ipa='on',
590d18
 )
590d18
 
590d18
 
590d18
-- 
590d18
2.4.3
590d18