diff options
author | Ade Lee <alee@redhat.com> | 2012-08-22 08:38:46 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-08-23 23:02:26 -0400 |
commit | 40edb441626a0e580e7d94c987cba85ce7b62f09 (patch) | |
tree | 046b17d8f0600346c8f3068d34cfaaa28024235c | |
parent | b0476b964e03c23e028c22c51a75af1e82cfd673 (diff) | |
download | pki-40edb441626a0e580e7d94c987cba85ce7b62f09.tar.gz pki-40edb441626a0e580e7d94c987cba85ce7b62f09.tar.xz pki-40edb441626a0e580e7d94c987cba85ce7b62f09.zip |
Revert "BZ 841966 - latest selinux policy fix breaks dogtag"
This change needs to be checked in as a patch to f17, rather than
in upstream code. Otherwise it breaks f16.
This reverts commit 868e724716512762ad780f15a10a7a4b88fb1487.
-rw-r--r-- | base/selinux/src/pki.if | 7 | ||||
-rw-r--r-- | specs/pki-core.spec | 5 |
2 files changed, 2 insertions, 10 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if index af4b7b672..0709176ea 100644 --- a/base/selinux/src/pki.if +++ b/base/selinux/src/pki.if @@ -38,18 +38,12 @@ template(`pki_ca_template',` gen_require(` type java_exec_t; type initrc_t; - type tomcat_exec_t; - type tomcat_cache_t; ') domtrans_pattern($1_script_t, java_exec_t, $1_t) role system_r types $1_script_t; allow $1_t java_exec_t:file entrypoint; allow initrc_t $1_script_t:process transition; - can_exec($1_t, tomcat_exec_t) - miscfiles_read_hwdata($1_t) - allow pki_ca_t tomcat_cache_t:dir {getattr search}; - #tomcat_search_cache($1_t) type $1_etc_rw_t, pki_ca_config; files_type($1_etc_rw_t) @@ -96,6 +90,7 @@ template(`pki_ca_template',` # for file signing corenet_tcp_connect_http_port($1_t) + # This is for /etc/$1/tomcat.conf: can_exec($1_t, $1_tomcat_exec_t) allow $1_t $1_tomcat_exec_t:file {getattr read}; diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 4b305b04a..b761011d5 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -1,5 +1,5 @@ Name: pki-core -Version: 9.0.21 +Version: 9.0.20 Release: 1%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ @@ -749,9 +749,6 @@ fi %changelog -* Fri Jul 20 2012 Ade Lee <alee@redhat.com> 9.0.21-1 -- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag - * Mon May 7 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.20-1 - New official build |