ipa-client-install: enable SELinux for SSSD

freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA

GNU General Public License v3.0

489 stars 232 forks source link

ipa-client-install: enable SELinux for SSSD #1135

Open t-woerner opened 1 year ago

t-woerner commented 1 year ago

From https://github.com/freeipa/freeipa/pull/6978

For passkeys (FIDO2) support, SSSD uses libfido2 library which needs access to USB devices. Add SELinux booleans handling to ipa-client-install so that correct SELinux booleans can be enabled and disabled during install and uninstall. Ignore and record a warning when SELinux policy does not support the boolean.

Fixes: https://pagure.io/freeipa/issue/9434

rjeffman commented 12 months ago

PR https://github.com/freeipa/freeipa/pull/6978 has been merged in IPA upstream.