URL:
https://github.com/freeipa/freeipa/pull/5385
Author: flo-renaud
Title: #5385: selinux: modify policy to allow one-way trust
Action: opened
PR body:
"""
In selinux enforcing mode, the command ipa trust-add fails
to establish a one-way trust, during the step fetching the remote
domains.
This step calls a script over DBus and oddjob, that is executed
with oddjob_t context. The policy must allow noatsecure.
Currently the optional_policy is defined in selinux-policy
repo but is ineffective as ipa_helper_noatsecure is not defined
in this repo. When the optional_policy is defined in our own
module, it is taken into account and ipa trust-add succeeds.
Fixes:
https://pagure.io/freeipa/issue/8508
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5385/head:pr5385
git checkout pr5385