From cfec51819bd40f2795f0771a74714e0ce1135c26 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 25 Nov 2009 13:42:52 -0500 Subject: Add SELinux policy for CRL file publishing. This policy should really be provided by dogtag. We don't want to grant read/write access to everything dogtag can handle so we change the context to cert_t instead. But we have to let dogtag read/write that too hence this policy. To top it off we can't load this policy unless dogtag is also loaded so we insert it in the IPA installer --- selinux/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'selinux/Makefile') diff --git a/selinux/Makefile b/selinux/Makefile index 6780a8b48..62b7bf7ed 100644 --- a/selinux/Makefile +++ b/selinux/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = ipa_kpasswd ipa_httpd +SUBDIRS = ipa_kpasswd ipa_httpd ipa_dogtag POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted @@ -23,6 +23,7 @@ install: all install -d $(POLICY_DIR) install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR) install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR) + install -m 644 ipa_dogtag/ipa_dogtag.pp $(POLICY_DIR) load: /usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp -- cgit