Add selinux to allow map for pamdatabase from unix_chkpwd
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
parent
9f4175b53b
commit
c9817d2b47
3 changed files with 28 additions and 0 deletions
BIN
roles/base/files/selinux/mapchkpwd.pp
Normal file
BIN
roles/base/files/selinux/mapchkpwd.pp
Normal file
Binary file not shown.
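--- a/roles/base/files/selinux/mapchkpwd.te
+++ b/roles/base/files/selinux/mapchkpwd.te
@@ -0,0 +1,11 @@
+
+module mapchkpwd 1.0;
+
+require {
+type chkpwd_t;
+type shadow_t;
+class file map;
+}
+
+#============= chkpwd_t ==============
+allow chkpwd_t shadow_t:file map;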
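Review bot: Nothing in this file records how the committed `mapchkpwd.pp` was produced, and the playbook installs that opaque binary rather than this source, so a reviewer cannot confirm the loaded policy is the single `allow chkpwd_t shadow_t:file map;` rule shown here. A header comment with the build steps would let anyone rebuild and compare, for example `# Build: checkmodule -M -m -o mapchkpwd.mod mapchkpwd.te && semodule_package -o mapchkpwd.pp -m mapchkpwd.mod`. A second comment line saying why `map` is needed (the commit title says unix_chkpwd maps the PAM database) would help whoever later decides whether the module can be dropped. Compiling the `.pp` from the `.te` on the target or in CI, instead of committing the binary, would remove the gap entirely.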
@ -334,6 +334,23 @@
|
|||
- config
|
||||
- rsyslog-audit
|
||||
|
||||
# Custom selinux policy to allow unix_chkpwd to map PAM database
|
||||
- name: copy over our custom selinux module
|
||||
copy: src=selinux/mapchkpwd.pp dest=/usr/local/share/mapchkpwd.pp
|
||||
register: selinux_module
|
||||
when: ansible_distribution_major_version|int >= 27
|
||||
tags:
|
||||
- config
|
||||
- selinux
|
||||
|
||||
- name: install our custom selinux module
|
||||
command: semodule -i /usr/local/share/mapchkpwd.pp
|
||||
when: selinux_module|changed
|
||||
when: ansible_distribution_major_version|int >= 27
|
||||
tags:
|
||||
- selinux
|
||||
- config
|
||||
|
||||
- name: Setup postfix
|
||||
import_tasks: postfix.yml
|
||||
|
||||
|
|
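Review bot: The `install our custom selinux module` task has two `when:` keys; assuming both sit at task level (indentation is lost in this view), the YAML loader keeps only the last one, so the `selinux_module|changed` guard is dropped and `semodule -i` reruns on every play against hosts with major version 27 or later. Merge them into one condition, e.g. `when: ansible_distribution_major_version|int >= 27 and selinux_module|changed`. The copy task also sets no ownership or mode on `/usr/local/share/mapchkpwd.pp`; since that file is loaded into the system policy, adding `owner=root group=root mode=0644` would state the intent explicitly. The task list continues outside this hunk on both sides.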