diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-12-16 16:04:06 -0500 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-12-16 19:26:40 -0700 |
| commit | 585540e0a2d28d0e275dcb17d317880ff1a6d80f (patch) | |
| tree | a1145413a76d8c3eca3e74b6a27f84253036ff06 /selinux/ipa_httpd | |
| parent | 0e4a1b5be5282b532240846746c464639135aca1 (diff) | |
| download | freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.tar.gz freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.tar.xz freeipa-585540e0a2d28d0e275dcb17d317880ff1a6d80f.zip | |
Set the context of files needed by the selfsign CA so Apache can write them
Diffstat (limited to 'selinux/ipa_httpd')
| -rw-r--r-- | selinux/ipa_httpd/ipa_httpd.fc | 5 | ||||
| -rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc index b2c6c1a2d..34e87f9da 100644 --- a/selinux/ipa_httpd/ipa_httpd.fc +++ b/selinux/ipa_httpd/ipa_httpd.fc @@ -3,3 +3,8 @@ # /var/cache/ipa/sessions(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + +# Make these files writable so the selfsign plugin can operate +/etc/httpd/alias/cert8.db -- gen_context(system_u:object_r:cert_t,s0) +/etc/httpd/alias/key3.db -- gen_context(system_u:object_r:cert_t,s0) +/var/lib/ipa/ca_serialno -- gen_context(system_u:object_r:cert_t,s0) diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te index e5cec8510..e01ca8912 100644 --- a/selinux/ipa_httpd/ipa_httpd.te +++ b/selinux/ipa_httpd/ipa_httpd.te @@ -1,4 +1,4 @@ -module ipa_httpd 1.1; +module ipa_httpd 1.2; require { type httpd_t; |