diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-11-25 13:42:52 -0500 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-11-26 00:16:30 -0700 |
| commit | cfec51819bd40f2795f0771a74714e0ce1135c26 (patch) | |
| tree | 3daa879cb56da29bcdbc0574e279685874c16696 /selinux/Makefile | |
| parent | 986c4e23e7f640911cbe72129dc3f675438f35d4 (diff) | |
| download | freeipa-cfec51819bd40f2795f0771a74714e0ce1135c26.tar.gz freeipa-cfec51819bd40f2795f0771a74714e0ce1135c26.tar.xz freeipa-cfec51819bd40f2795f0771a74714e0ce1135c26.zip | |
Add SELinux policy for CRL file publishing.
This policy should really be provided by dogtag. We don't want
to grant read/write access to everything dogtag can handle so we
change the context to cert_t instead. But we have to let dogtag
read/write that too hence this policy.
To top it off we can't load this policy unless dogtag is also loaded
so we insert it in the IPA installer
Diffstat (limited to 'selinux/Makefile')
| -rw-r--r-- | selinux/Makefile | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/selinux/Makefile b/selinux/Makefile index 6780a8b48..62b7bf7ed 100644 --- a/selinux/Makefile +++ b/selinux/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = ipa_kpasswd ipa_httpd +SUBDIRS = ipa_kpasswd ipa_httpd ipa_dogtag POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted @@ -23,6 +23,7 @@ install: all install -d $(POLICY_DIR) install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR) install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR) + install -m 644 ipa_dogtag/ipa_dogtag.pp $(POLICY_DIR) load: /usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp |