summaryrefslogtreecommitdiff
path: root/src/providers/ipa
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_common.h1
-rw-r--r--src/providers/ipa/ipa_opts.h1
-rw-r--r--src/providers/ipa/ipa_selinux.c5
3 files changed, 5 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index f077776b..e3915beb 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -47,6 +47,7 @@ enum ipa_basic_opt {
IPA_MASTER_DOMAIN_SEARCH_BASE,
IPA_KRB5_REALM,
IPA_HBAC_REFRESH,
+ IPA_SELINUX_REFRESH,
IPA_HBAC_DENY_METHOD,
IPA_HBAC_SUPPORT_SRCHOST,
IPA_AUTOMOUNT_LOCATION,
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index a2200d1b..7923b1ec 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -45,6 +45,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_master_domain_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
+ { "ipa_selinux_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
{ "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING },
{ "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING },
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 489c203d..6705eea1 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -811,6 +811,7 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
int ret = EOK;
time_t now;
time_t refresh_interval;
+ struct ipa_options *ipa_options = selinux_ctx->id_ctx->ipa_options;
DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n"));
req = tevent_req_create(mem_ctx, &state, struct ipa_get_selinux_state);
@@ -828,8 +829,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
offline ? "offline" : "online"));
if (!offline) {
- /* FIXME: Make the interval configurable */
- refresh_interval = 5;
+ refresh_interval = dp_opt_get_int(ipa_options->basic,
+ IPA_SELINUX_REFRESH);
now = time(NULL);
if (now < selinux_ctx->last_update + refresh_interval) {
/* SELinux maps were recently updated -> force offline */