diff options
author | Nathan Kinder <nkinder@redhat.com> | 2012-12-03 12:33:22 -0800 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-12-04 15:25:39 -0500 |
commit | cb3d05b1225137f9a54952045dace4fc1f9a99b8 (patch) | |
tree | 4cbfcebb191e4547b3fdd72b5fff1d0347f46515 | |
parent | a3f7d585fed02fb8b0adaf46228f23bf1275c596 (diff) | |
download | pki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.tar.gz pki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.tar.xz pki-cb3d05b1225137f9a54952045dace4fc1f9a99b8.zip |
Run restorecon on top-level log directory
We currently run a restorecon on the instance log directory, but not
on the top level log directory. Restorecon is required for the top
level log directory since pkispawn creates it. Without running a
restorecon, it gets the label of the parent directory (var_log_t)
instead of consulting the fcontext rule in the base policy and using
pki_var_log_t.
Ticket #431
-rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 98bfcd48e..87e129f75 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -36,6 +36,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def restore_context(self): selinux.restorecon(master['pki_instance_path'], True) + selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True) selinux.restorecon(master['pki_instance_log_path'], True) selinux.restorecon(master['pki_instance_configuration_path'], True) |