author | Ade Lee <alee@redhat.com> | 2012-04-16 16:17:25 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-04-16 16:21:22 -0400 |
commit | 1eee69dddecd41703252d958a3bc1e5d08a21cd3 (patch) | |
tree | 6a58a5890a7d0be70d6c500ba1afdee2c26d10d2 | |
parent | a037c056e49ef89aad93caa3b19ebb2faa8f4e83 (diff) | |
download | pki-1eee69dddecd41703252d958a3bc1e5d08a21cd3.tar.gz pki-1eee69dddecd41703252d958a3bc1e5d08a21cd3.tar.xz pki-1eee69dddecd41703252d958a3bc1e5d08a21cd3.zip |
BZ 813075 - added selinux rule for file size access
-rw-r--r-- | patches/pki-core-selinux-f17-1.patch | 36 | ||||
-rw-r--r-- | specs/pki-core.spec | 7 |
2 files changed, 41 insertions, 2 deletions
diff --git a/patches/pki-core-selinux-f17-1.patch b/patches/pki-core-selinux-f17-1.patch
new file mode 100644
index 000000000..3ee106400
--- /dev/null
+++ b/patches/pki-core-selinux-f17-1.patch
@@ -0,0 +1,36 @@
+diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
+index 0709176..20dfc17 100644
+--- a/pki/base/selinux/src/pki.if
++++ b/pki/base/selinux/src/pki.if
+@@ -206,6 +206,21 @@ template(`pki_ca_template',`
+ optional_policy(`
+ unconfined_domain($1_script_t)
+ ')
++
++ # tomcat6 init scripts do runuser and touch lockfile
++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };
++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write };
++ consoletype_exec($1_t)
++ fs_read_hugetlbfs_files($1_t)
++ hostname_exec($1_t)
++ kernel_read_kernel_sysctls($1_t)
++ fs_getattr_xattr_fs($1_t)
++
++ # java (mislabeled as lib_t?) calls build_classpath
++ libs_exec_lib_files($1_t)
++
++ selinux_get_enforce_mode($1_t)
++
+ ')
+
+ ########################################
+diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
+index 7f6e657..dab02d4 100644
+--- a/pki/base/selinux/src/pki.te
++++ b/pki/base/selinux/src/pki.te
+@@ -1,4 +1,4 @@
+-policy_module(pki,10.0.2)
++policy_module(pki,10.0.4)
+
+ attribute pki_ca_config;
+ attribute pki_ca_executable;
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index ee16955e3..837557db6 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 Name: pki-core
 Version: 10.0.0
-Release: %{?relprefix}14%{?prerel}%{?dist}
+Release: %{?relprefix}15%{?prerel}%{?dist}
 Summary: Certificate System - PKI Core Components
 URL: http://pki.fedoraproject.org/
 License: GPLv2
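Review bot: In patches/pki-core-selinux-f17-1.patch, the pki_ca_template hunk for pki.if grants `self:capability { setuid chown setgid fowner audit_write dac_override }` to the service domain `$1_t`, while its own comment attributes the need to the tomcat6 init scripts (runuser, lockfile); `dac_override` and `fowner` let the long-running process bypass discretionary file permission and ownership checks, so they would be better confined to an init-script domain, or at least each tied in a comment to the AVC denial it answers. `libs_exec_lib_files($1_t)` is described as a workaround for a suspected `lib_t` mislabel, and correcting the file context instead would avoid leaving exec on all `lib_t` files in the policy. The commit title speaks of one rule for file size access, but nothing in the patch says which line that is (presumably `fs_getattr_xattr_fs($1_t)`), so a comment such as `# BZ 813075: getattr on the filesystem for file size checks` above it would help the next reader. The earlier f17 patch is not visible on this page, so some of these rules may simply be carried over from it. The template body starts before and ends after the nested hunk.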
@@ -67,7 +67,7 @@ BuildRequires: tomcatjss >= 2.0.0
 Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
 Patch0: %{name}-selinux-f16.patch
-Patch1: %{name}-selinux-f17.patch
+Patch1: %{name}-selinux-f17-1.patch
 %if 0%{?rhel}
 ExcludeArch: ppc ppc64 s390 s390x
@@ -1324,6 +1324,9 @@ fi
 %changelog
+* Mon Apr 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.15.a1
+- BZ 813075 - selinux denial for file size access
+
 * Thu Apr 5 2012 Christina Fu <cfu@redhat.com> 10.0.0-0.14.a1
 - Bug 745278 - [RFE] ECC encryption keys cannot be archived |