URL: https://github.com/freeipa/freeipa/pull/5131
Author: zpytela
Title: #5131: Add ipa_pki_retrieve_key_exec() interface
Action: opened

PR body:
"""
The ipa_pki_retrieve_key_exec() interface is needed to allow other
domains to execute ipa-pki-retrieve-key.

Related: https://github.com/freeipa/freeipa/pull/5109
Signed-off-by: Zdenek Pytela <zpyt...@redhat.com>
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5131/head:pr5131
git checkout pr5131
From 220e9eae5eccaae446ea39fc7817c5b519aab126 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpyt...@redhat.com>
Date: Wed, 23 Sep 2020 07:45:37 +0200
Subject: [PATCH] Add ipa_pki_retrieve_key_exec() interface

The ipa_pki_retrieve_key_exec() interface is needed to allow other
domains to execute ipa-pki-retrieve-key.

Related: https://github.com/freeipa/freeipa/pull/5109
Signed-off-by: Zdenek Pytela <zpyt...@redhat.com>
---
 selinux/ipa.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/selinux/ipa.if b/selinux/ipa.if
index 783db8b782..8c47e7963a 100644
--- a/selinux/ipa.if
+++ b/selinux/ipa.if
@@ -328,6 +328,25 @@ interface(`ipa_custodia_domtrans',`
 	domtrans_pattern($1, ipa_custodia_exec_t, ipa_custodia_t)
 ')
 
+######################################
+## <summary>
+##	Execute ipa-pki-retrieve-key in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ipa_pki_retrieve_key_exec',`
+	gen_require(`
+		type ipa_pki_retrieve_key_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ipa_pki_retrieve_key_exec_t)
+')
+
 ######################################
 ## <summary>
 ##	Execute ipa_custodia in the caller domain.
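Review bot: The can_exec($1, ipa_pki_retrieve_key_exec_t) line in the new ipa_pki_retrieve_key_exec interface runs the helper with no domain transition, so it executes with exactly the permissions of the calling domain, and neither the commit message ("other domains") nor the summary comment says which domain is expected to call it or why an exec interface is preferred over a domtrans one like ipa_custodia_domtrans just above. Please name the intended caller in the commit message so reviewers can check that the caller's existing rules cover what the program needs and that no broader grant follows from this. The summary wording "in the caller domain" matches the ipa_custodia exec interface that follows, which is good; it would also help to note in the comment that no transition takes place.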