Simo Sorce wrote:
On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
The management framework wasn't working with SELinux over ldapi because it lacked permission to access the unix socket. This patch grants permission.


Probably easier to review with the patch attached.

The patch was attached :-)

One question comes to mind though, you are giving access to any socket
labeled initrc_t (if my selinux policy reading skills are good enough,
which may not be).

Shouldn't we discuss with the DS team to have a more specific label for
this socket ?
Nathan is currently working on the DS SELinux policy ...
Simo.



--
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to