diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-12-16 16:04:06 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-12-16 19:26:40 -0700 |
commit | 585540e0a2d28d0e275dcb17d317880ff1a6d80f (patch) | |
tree | a1145413a76d8c3eca3e74b6a27f84253036ff06 /selinux/ipa_httpd/ipa_httpd.fc | |
parent | 0e4a1b5be5282b532240846746c464639135aca1 (diff) | |
download | freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.tar.gz freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.tar.xz freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.zip |
Set the context of files needed by the selfsign CA so Apache can write them
Diffstat (limited to 'selinux/ipa_httpd/ipa_httpd.fc')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.fc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc index b2c6c1a2d..34e87f9da 100644 --- a/selinux/ipa_httpd/ipa_httpd.fc +++ b/selinux/ipa_httpd/ipa_httpd.fc @@ -3,3 +3,8 @@ # /var/cache/ipa/sessions(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + +# Make these files writable so the selfsign plugin can operate +/etc/httpd/alias/cert8.db -- gen_context(system_u:object_r:cert_t,s0) +/etc/httpd/alias/key3.db -- gen_context(system_u:object_r:cert_t,s0) +/var/lib/ipa/ca_serialno -- gen_context(system_u:object_r:cert_t,s0) |