On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > The management framework wasn't working with SELinux over ldapi because 
> > it lacked permission to access the unix socket. This patch grants 
> > permission.
> >
> Probably easier to review with the patch attached.

The patch was attached :-)

One question comes to mind though, you are giving access to any socket
labeled initrc_t (if my selinux policy reading skills are good enough,
which may not be).

Shouldn't we discuss with the DS team to have a more specific label for
this socket ?


Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to