URL:
https://github.com/freeipa/freeipa/pull/4882
Author: abbra
Title: #4882: selinux: allow oddjobd to set up ipa_helper_t context for execution
Action: opened
PR body:
"""
On Fedora 32+ and RHEL 8.3.0+ SELinux policy requires explicit process
transition from httpd_t context. In addition, a setup of a helper
execution needs permission to use 'noatsecure', 'rlimitinh', and
'siginh'. These operations invoked during execve() setup by glibc.
Fixes:
https://pagure.io/freeipa/issue/8395
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4882/head:pr4882
git checkout pr4882