diff options
| author | Ade Lee <alee@redhat.com> | 2012-02-23 17:49:29 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-02-23 21:02:02 -0500 |
| commit | 0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01 (patch) | |
| tree | d13f6939bf117a2494b738f71f7a5fa07096527b | |
| parent | 5d293f5e51a1c79ea1727431cda6a5d17f1378c5 (diff) | |
| download | pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.gz pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.xz pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.zip | |
BZ 739708 Selinux fix for ephemeral ports
| -rw-r--r-- | pki/base/selinux/src/pki.if | 3 | ||||
| -rw-r--r-- | pki/base/selinux/src/pki.te | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index 47e34e861..0709176ea 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -192,6 +192,9 @@ template(`pki_ca_template',` #connect to ldap corenet_tcp_connect_ldap_port($1_t) + # tomcat connects to ephemeral ports on shutdown + corenet_tcp_connect_all_unreserved_ports($1_t) + optional_policy(` #This is broken in selinux-policy we need java_exec defined, Will add to policy gen_require(` diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index f506553ee..7f6e65738 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,10.0.1) +policy_module(pki,10.0.2) attribute pki_ca_config; attribute pki_ca_executable; |