summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathan Kinder <nkinder@redhat.com>2012-12-03 12:33:22 -0800
committerAde Lee <alee@redhat.com>2012-12-04 15:25:39 -0500
commitcb3d05b1225137f9a54952045dace4fc1f9a99b8 (patch)
tree4cbfcebb191e4547b3fdd72b5fff1d0347f46515
parenta3f7d585fed02fb8b0adaf46228f23bf1275c596 (diff)
downloadpki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.tar.gz
pki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.tar.xz
pki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.zip
Run restorecon on top-level log directory
We currently run a restorecon on the instance log directory, but not on the top level log directory. Restorecon is required for the top level log directory since pkispawn creates it. Without running a restorecon, it gets the label of the parent directory (var_log_t) instead of consulting the fcontext rule in the base policy and using pki_var_log_t. Ticket #431
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 98bfcd48e..87e129f75 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -36,6 +36,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def restore_context(self):
selinux.restorecon(master['pki_instance_path'], True)
+ selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True)
selinux.restorecon(master['pki_instance_log_path'], True)
selinux.restorecon(master['pki_instance_configuration_path'], True)