On 01/10/2012 11:26 AM, Simo Sorce wrote: > On Tue, 2012-01-10 at 10:59 -0500, Dmitri Pal wrote: > >> As there any SELinux implication with this feature? > I guess you mean the whole work not the email you quoted.
Yes. Sorry. It just occurred to me as I looked that email and I did not have time to find the right place for this comment. > In that case the answer is yes, clients must be allowed to access the > files we create, but that is similar to the requirement to allow clients > to access the sssd_nss pipes so adjusting the selinux policies should be > easy. So there is a special change to SELinux policy on per cache client basis? Should we file any SELinux bugs to make policy changes for this feature? > Simo. > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
