authorAde Lee <alee@redhat.com>2012-08-06 10:25:23 -0400
committerAde Lee <alee@redhat.com>2012-08-06 10:33:25 -0400
commit6a891d92d8e741f8d66ea43cefc1c11c69affed4 (patch)
tree9a2e683a7bf1a5ad2a28541e27f1acb4a3c64275
parent178327661293a26dfa3a9dc52dd9464f6d97fd3f (diff)
Changed selinux context for legacy instances
In the new selinux policy, pki_ca_t etc. are all replaced by pki_tomcat_t. To allow old instances to work under dogtag 10, the context in the run scripts needs to change. Also added a rule needed by selinux policy.
-rw-r--r--base/selinux/src/pki.if1
-rw-r--r--base/setup/scripts/functions2
2 files changed, 2 insertions, 1 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8f62136d5..b456ac995 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -218,6 +218,7 @@ template(`pki_tomcat_template',`
kernel_read_kernel_sysctls($1_t)
selinux_get_enforce_mode($1_t)
dirsrv_manage_var_lib($1_t)
+ tomcat_search_cache($1_t)
# write to /var/log/pki for spawn and destroy
allow $1_t pki_log_t:dir {getattr search};
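Review bot: The added `tomcat_search_cache($1_t)` carries no comment saying which access it is for, and the commit message only calls it "a rule needed by selinux policy", so a later least-privilege audit of the template cannot tell whether the grant is still required. Because the template expands once per `$1_t` domain it instantiates, every such domain receives the permission; a line above it such as `# search the tomcat cache dir; needed for <operation that was denied>` would record the reason. The interface is called unconditionally, as `dirsrv_manage_var_lib` is on the line before, so the policy presumably only builds where the tomcat module provides it, which is worth confirming. The body of `pki_tomcat_template` starts and ends outside this hunk.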
diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions
index 62dc20694..a4318efae 100644
--- a/base/setup/scripts/functions
+++ b/base/setup/scripts/functions
@@ -756,7 +756,7 @@ start_instance()
export SERVICE_NAME=$PKI_INSTANCE_ID
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
- /usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \
+ /usr/bin/runcon -t pki_tomcat_script_t \
$PKI_INSTANCE_INITSCRIPT start
rv=$?
else