author | Rob Crittenden <rcritten@redhat.com> | 2010-02-09 17:24:02 -0500 |
committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-02-10 11:20:32 -0700 |
commit | 75f2cba67953258f59f072d3b5704c877d354555 (patch) | |
tree | f04446068eae342faf563d97352e90525a4cb048 /selinux | |
parent | 37ced5571bfc412b2831da9d8091f2833655c535 (diff) | |
SELinux fix for Apache to read CRLs
Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/ipa_dogtag/ipa_dogtag.te | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/selinux/ipa_dogtag/ipa_dogtag.te b/selinux/ipa_dogtag/ipa_dogtag.te
index b3fce00da..937d9a248 100644
--- a/selinux/ipa_dogtag/ipa_dogtag.te
+++ b/selinux/ipa_dogtag/ipa_dogtag.te
@@ -1,12 +1,15 @@
-module ipa_dogtag 1.2;
+module ipa_dogtag 1.3;
 
 require {
 type httpd_t;
 type cert_t;
 type pki_ca_t;
+type pki_ca_var_lib_t;
 class dir write;
 class dir add_name;
 class dir remove_name;
+class dir search;
+class dir getattr;
 class file create;
 class file write;
 class file rename;
@@ -27,3 +30,6 @@ allow pki_ca_t cert_t:file rename;
 # Let dogtag manage cert_t symbolic links
 allow pki_ca_t cert_t:lnk_file create;
 allow pki_ca_t cert_t:lnk_file rename;
+
+# Let apache read the CRLs
+allow httpd_t pki_ca_var_lib_t:dir { search getattr };
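Review bot: The rule added at the end of the second hunk grants httpd_t only `search`/`getattr` on `pki_ca_var_lib_t:dir`, which covers directory traversal but not reading the CRL files themselves, while the comment says "read the CRLs". If the CRL files carry the `pki_ca_var_lib_t` label, a `file { read getattr open }` rule is still missing; if they carry a type Apache can already read (e.g. `cert_t`, which this module already references), the comment should say so, e.g. `# Let apache traverse the dogtag var/lib directories to reach the CRLs (the CRL files are readable via their own type)` — please confirm against the actual file labels. Note also that the grant applies to every directory labelled `pki_ca_var_lib_t`, not only the CRL location; a dedicated type for the CRL directory would keep the web server's traversal rights narrower.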