diff options
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.fc | 5 | ||||
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc index b2c6c1a2d..34e87f9da 100644 --- a/selinux/ipa_httpd/ipa_httpd.fc +++ b/selinux/ipa_httpd/ipa_httpd.fc @@ -3,3 +3,8 @@ # /var/cache/ipa/sessions(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + +# Make these files writable so the selfsign plugin can operate +/etc/httpd/alias/cert8.db -- gen_context(system_u:object_r:cert_t,s0) +/etc/httpd/alias/key3.db -- gen_context(system_u:object_r:cert_t,s0) +/var/lib/ipa/ca_serialno -- gen_context(system_u:object_r:cert_t,s0) diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te index e5cec8510..e01ca8912 100644 --- a/selinux/ipa_httpd/ipa_httpd.te +++ b/selinux/ipa_httpd/ipa_httpd.te @@ -1,4 +1,4 @@ -module ipa_httpd 1.1; +module ipa_httpd 1.2; require { type httpd_t; |