author | Rob Crittenden <rcritten@redhat.com> | 2009-08-24 13:42:48 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-08-26 09:51:19 -0400 |
commit | 08fc563212faeca9aa4dc9339acedcac3751ca5d (patch) | |
tree | 324c0c5ed15a24b0a8a2fd8ecaf153e561c51530 /selinux/ipa_httpd | |
parent | 7a7041045e127e0537bd5eb1592bf58c846bb64d (diff) | |
Generate CRLs and make them available from the IPA web server
Diffstat (limited to 'selinux/ipa_httpd')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
new file mode 100644
index 000000000..a13ebc128
--- /dev/null
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -0,0 +1,16 @@
+module ipa_httpd 1.0;
+
+require {
+ type pki_ca_var_lib_t;
+ type httpd_t;
+ class lnk_file { read getattr };
+ class dir { read search open getattr };
+ class file { getattr read open execute };
+}
+
+# Let Apache read the directories within the certificate authority
+# so it can read the published CRLs.
+allow httpd_t pki_ca_var_lib_t:dir { read search open getattr };
+allow httpd_t pki_ca_var_lib_t:file { read getattr open };
+allow httpd_t pki_ca_var_lib_t:lnk_file { read getattr };
+
|
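Review bot: The `file` rule gives httpd_t `read` and `open` on every file labelled pki_ca_var_lib_t, which is wider than the comment's stated goal of reading the published CRLs; if the CA's key or certificate databases carry the same label (not visible in this patch), a compromised Apache process would be able to read them as well. Consider keeping only `search` and `getattr` on the pki_ca_var_lib_t directories and giving the CRL publish directory its own file context that httpd_t may read, or at least record the breadth in the comment, e.g. `# NOTE: grants read on all pki_ca_var_lib_t files, not only the CRL directory`. Separately, the `require` block lists `execute` for class `file` although no rule uses it; `class file { getattr read open };` would keep the require in step with what is actually granted.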