Soon, in fedora SSSD will be installing a binary /usr/libexec/sssd/passkey_child. This needs to have the same SELinux context type as /usr/libexec/sssd/oidc_child, specifically it needs the 'ipa_otpd_exec_t' type. Currently this is in active development but we are targeting Fedora 39 for the introduction of the sssd-passkey package. ls -Z /usr/libexec/sssd/passkey_child system_u:object_r:bin_t:s0 /usr/libexec/sssd/passkey_child ls -Z /usr/libexec/sssd/oidc_child system_u:object_r:ipa_otpd_exec_t:s0 /usr/libexec/sssd/oidc_child
You've requested a change for rules which are in the freeipa-selinux package, so changing the component.
Upstream PR: https://github.com/flo-renaud/freeipa/pull/37 The code for passkey support is stored in the passkey branch of the above github repo for now.
A build is available for testing in the copr repo from https://copr.fedorainfracloud.org/coprs/ipedrosa/passkey-auth/
Fixed upstream master: https://pagure.io/freeipa/c/574517cb165eb3d89dc3492895cf830a9bde67b2 https://pagure.io/freeipa/c/af569508c1cefbbbfde2fe52b02fe4545818b04a https://pagure.io/freeipa/c/4bd1be9e90ea7369edb4ae15ff8c51232d5ab850 https://pagure.io/freeipa/c/a21214cb9e96ff7fdb4f55b5a4817b1ce60632c0 https://pagure.io/freeipa/c/ae3c281a64c994cae10709a2e284f3830de64781 https://pagure.io/freeipa/c/7911b2466d892386721952991d5150412530fb6e https://pagure.io/freeipa/c/a7d90c1ef5e70a532f4515c18bf3e073c11ab87c https://pagure.io/freeipa/c/f8580cae4b01568a6ab98b405435e83231994896 https://pagure.io/freeipa/c/d207f6bf328a9f2a3e07094aeab111aebca932de https://pagure.io/freeipa/c/56e179748ba4844ce0c5e505803170b901e2a3c4 https://pagure.io/freeipa/c/6f0da62f5afa65941c280e16bd12215a57e4d6b0 https://pagure.io/freeipa/c/c58e483095d21aaa98f546425a99dc22d31dfb4a https://pagure.io/freeipa/c/510f806a9f4f82d39772f22e3262ca6c17c918be https://pagure.io/freeipa/c/c016e271b2bddde5c26822fee78e7f07b95dddc3 https://pagure.io/freeipa/c/b650783a180e6c81a6ccec3fd18ee9ed13edaf12 https://pagure.io/freeipa/c/9963dcdd5b261011793072d92168c5961ece35ad https://pagure.io/freeipa/c/0075c8b8f66a28f80029fb3184e1eeb6b0f99f79 https://pagure.io/freeipa/c/c0f71b052560e5ac9782c582f151ca0bc7312d62 https://pagure.io/freeipa/c/14526c50bbabb8df43fa6420b678fcfc3ecd6436 https://pagure.io/freeipa/c/31b70ee32470b6999306bdc38035266d6a496c9e https://pagure.io/freeipa/c/9caea3205cbd99649bd9b9eca4e9322f058d4a98 https://pagure.io/freeipa/c/e7a69b3d9f6768afd524bf36dc9b208d9f7730f1 https://pagure.io/freeipa/c/62e28e424769b35a19d424de45eade38c26082f3 https://pagure.io/freeipa/c/a02fd5305ee42307a159db7ece40ffc305bc7e59 https://pagure.io/freeipa/c/b252988da63c1b14da241438c744b882f416f189 https://pagure.io/freeipa/c/8d12d497f68961a5c2b614572f016980a9acca55 https://pagure.io/freeipa/c/e5c292cdada69a93a03de0fa6e48aa713b432ba1 https://pagure.io/freeipa/c/665227e43755c0869f25e986265c0533af1cc7f7 https://pagure.io/freeipa/c/e0acc51ff579251aeadf2a624ffd2bb91c2a4ef0 https://pagure.io/freeipa/c/957d67aca50958ad03a7e4d9831ef722b592fa69 https://pagure.io/freeipa/c/105b03370cd5725a9ae57701da09efd0cdeed1f6
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.
FreeIPA 4.11.0 beta1 is already in Fedora 39.