[refpolicy] [Patch 4/4] Implementation of nsswitch_domain attribute
mgrepl at redhat.com
Tue Jul 10 07:38:23 CDT 2012
On 07/10/2012 02:37 PM, Christopher J. PeBenito wrote:
> On 07/10/12 08:32, Miroslav Grepl wrote:
>> On 07/10/2012 02:28 PM, Christopher J. PeBenito wrote:
>>> On 07/10/12 08:14, Miroslav Grepl wrote:
>>>> On 07/10/2012 02:07 PM, Christopher J. PeBenito wrote:
>>>>> On 07/03/12 07:44, Miroslav Grepl wrote:
>>>>>> * Add ldap_stream_connect() interface for domains which need it
>>>>> Since this is in the nsswitch patch set, I assume this access is for nsswitch. Why not put it in authlogin and use the attribute?
>>>> The problem is we have now
>>>> but these domains need this access without this boolean.
>>> So this is not actually related to the nsswitch patches?
>> Previously, ldap_stream_connect() was allowed by default (where auth_use_nsswitch() was used) without the authlogin_nsswitch_use_ldap boolean. If we now add this boolean, it will not be allowed by default and it will break these domains.
> Ok, I get it. These domains actually need the access unconditionally, but it was obscured by auth_use_nsswitch() always having ldap_stream_connect(). Right?