Revert "BZ 841966 - latest selinux policy fix breaks dogtag"

This change needs to be checked in as a patch to f17, rather than
in upstream code.  Otherwise it breaks f16.

This reverts commit 868e724716512762ad780f15a10a7a4b88fb1487.

2 files changed, 2 insertions, 10 deletions

diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index af4b7b672..0709176ea 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -38,18 +38,12 @@ template(`pki_ca_template',`
         gen_require(`
                 type java_exec_t;
                 type initrc_t;
-                type tomcat_exec_t;
-                type tomcat_cache_t;
         ')
         domtrans_pattern($1_script_t, java_exec_t, $1_t)
 
         role system_r types $1_script_t;
         allow $1_t java_exec_t:file entrypoint;
         allow initrc_t $1_script_t:process transition;
-        can_exec($1_t, tomcat_exec_t)
-        miscfiles_read_hwdata($1_t)
-        allow pki_ca_t tomcat_cache_t:dir {getattr search};
-        #tomcat_search_cache($1_t)
 
 	type $1_etc_rw_t, pki_ca_config;
 	files_type($1_etc_rw_t)
@@ -96,6 +90,7 @@ template(`pki_ca_template',`
         # for file signing
         corenet_tcp_connect_http_port($1_t)
 
+	# This is for /etc/$1/tomcat.conf:
 	can_exec($1_t, $1_tomcat_exec_t)
         allow $1_t $1_tomcat_exec_t:file {getattr read};
 
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 4b305b04a..b761011d5 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -1,5 +1,5 @@
 Name:             pki-core
-Version:          9.0.21
+Version:          9.0.20
 Release:          1%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
@@ -749,9 +749,6 @@ fi
 
 
 %changelog
-* Fri Jul 20 2012 Ade Lee <alee@redhat.com> 9.0.21-1
-- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
-
 * Mon May 7 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.20-1
 - New official build