Make the SELinux refresh time configurable.

Option ipa_selinux_refresh is added to basic ipa options.

2 files changed, 2 insertions, 0 deletions

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index fd54c7b6..a1f22395 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -136,6 +136,7 @@ option_strings = {
     'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
     'ipa_hbac_search_base' : _("Search base for HBAC related objects"),
     'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"),
+    'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"),
     'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"),
     'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"),
     'ipa_automount_location' : _("The automounter location this IPA client is using"),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 56184590..87f69a23 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -141,6 +141,7 @@ krb5_fast_principal = str, None, false
 
 [provider/ipa/access]
 ipa_hbac_refresh = int, None, false
+ipa_selinux_refresh = int, None, false
 ipa_hbac_treat_deny_as = str, None, false
 ipa_hbac_support_srchost = bool, None, false
 ipa_host_object_class = str, None, false