diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-28 16:07:09 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-28 16:07:09 +0000 |
commit | 13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50 (patch) | |
tree | 8349ad5e86fbea80e011af53d56518dea76bf11e | |
parent | ea85f54a756ff1e6603cdee28a90785b3f8db08d (diff) | |
download | pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.gz pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.xz pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.zip |
Bugzilla BZ# 482738: selinux changes for cloning
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@199 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java | 5 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java | 3 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.fc | 1 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.if | 3 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.te | 8 | ||||
-rw-r--r-- | pki/dogtag/common-ui/dogtag-pki-common-ui.spec | 4 | ||||
-rw-r--r-- | pki/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm | 4 | ||||
-rw-r--r-- | pki/dogtag/common/pki-common.spec | 4 | ||||
-rw-r--r-- | pki/dogtag/selinux/pki-selinux.spec | 4 |
9 files changed, 25 insertions, 11 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 0cb7feba6..91bd2a278 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -207,14 +207,17 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String pwd = HttpInput.getPassword(request, "password"); String tokenn = ""; + String instanceRoot = ""; + try { tokenn = config.getString("preop.module.token"); + instanceRoot = config.getString("instanceRoot"); } catch (Exception e) { } if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; - FileInputStream fis = new FileInputStream(path); + FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); while (fis.available() > 0) fis.read(b); fis.close(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index be00bd73c..22472239b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -567,6 +567,9 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString(name, v); } else if (name.startsWith("cloning")) { config.putString(name.replaceFirst("cloning", "preop.cert"), v); } diff --git a/pki/base/selinux/src/pki.fc b/pki/base/selinux/src/pki.fc index 6a8a2abfe..9793383aa 100644 --- a/pki/base/selinux/src/pki.fc +++ b/pki/base/selinux/src/pki.fc @@ -58,7 +58,6 @@ /var/log/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_log_t,s0) -/usr/sbin/httpd.worker -- gen_context(system_u:object_r:pki_ra_exec_t,s0) /etc/init.d/pki-tps -- gen_context(system_u:object_r:pki_tps_script_exec_t,s0) /etc/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0) /var/lib/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_var_lib_t,s0) diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index 5c2e90d91..fa3ae2360 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -87,9 +87,11 @@ template(`pki_ca_template',` corenet_tcp_bind_all_nodes($1_t) corenet_tcp_bind_ocsp_port($1_t) corenet_tcp_connect_ocsp_port($1_t) + corenet_tcp_connect_generic_port($1_t) # This is for /etc/$1/tomcat.conf: can_exec($1_t, pki_ca_tomcat_exec_t) + allow $1_t $1_tomcat_exec_t:file getattr; # Init script handling domain_use_interactive_fds($1_t) @@ -116,6 +118,7 @@ template(`pki_ca_template',` corecmd_exec_bin($1_t) corecmd_read_bin_symlinks($1_t) corecmd_exec_shell($1_t) + corecmd_search_bin($1_t) dev_list_sysfs($1_t) dev_read_rand($1_t) diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index 71fdc7528..94288188c 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,1.0.1) +policy_module(pki,1.0.2) attribute pki_ca_config; attribute pki_ca_executable; @@ -27,7 +27,7 @@ type pki_kra_tomcat_exec_t; files_type(pki_kra_tomcat_exec_t) pki_ca_template(pki_kra) - +allow pki_kra_t pki_ca_t:process signull; attribute pki_ocsp_config; attribute pki_ocsp_executable; @@ -42,7 +42,7 @@ type pki_ocsp_tomcat_exec_t; files_type(pki_ocsp_tomcat_exec_t) pki_ca_template(pki_ocsp) - +allow pki_ocsp_t pki_ca_t:process signull; attribute pki_ra_config; attribute pki_ra_executable; @@ -72,7 +72,7 @@ type pki_tks_tomcat_exec_t; files_type(pki_tks_tomcat_exec_t) pki_ca_template(pki_tks) - +allow pki_tks_t pki_ca_t:process signull; attribute pki_tps_config; attribute pki_tps_executable; diff --git a/pki/dogtag/common-ui/dogtag-pki-common-ui.spec b/pki/dogtag/common-ui/dogtag-pki-common-ui.spec index dfcc60af0..f83aed09b 100644 --- a/pki/dogtag/common-ui/dogtag-pki-common-ui.spec +++ b/pki/dogtag/common-ui/dogtag-pki-common-ui.spec @@ -34,7 +34,7 @@ ## Package Header Definitions %define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 6 +%define base_release 7 %define base_group System Environment/Base %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -222,6 +222,8 @@ rm -rf ${RPM_BUILD_ROOT} ############################################################################### %changelog +* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-7 +- Bugzilla Bug #482738 - selinux changes needed for cloning * Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 - Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" diff --git a/pki/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm index 9cac40a7d..8b08ed448 100644 --- a/pki/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm +++ b/pki/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm @@ -28,7 +28,7 @@ function performPanel() { </SCRIPT> <h2>Import Keys and Certificates</h2> <br/> -To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) need to be imported. For a software token, all of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password provided during the creation of this file. To import this PKCS #12 file, enter an appropriate path and password in the form specified below. +To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) need to be imported. For a software token, all of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password provided during the creation of this file. To import this PKCS #12 file, first copy the PKCS #12 file to the alias directory for the cloned subsystem. Then enter an appropriate filename and password in the form specified below. <p> If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to import them. <p> @@ -39,7 +39,7 @@ By default, if the path is left blank, no PKCS #12 file will be imported. #end <table class="details"> <tr> - <th>Path where the PKCS #12 file(s) are located:</th> + <th>PKCS #12 filename:</th> <td><input type="text" size="40" name="path" value="$path"/></td> </tr> diff --git a/pki/dogtag/common/pki-common.spec b/pki/dogtag/common/pki-common.spec index 813da276f..7546b21a8 100644 --- a/pki/dogtag/common/pki-common.spec +++ b/pki/dogtag/common/pki-common.spec @@ -34,7 +34,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 32 +%define base_release 33 %define base_group System Environment/Base %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -280,6 +280,8 @@ chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall ############################################################################### %changelog +* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-33 +- Bugzilla Bugs: 482738 and 482761 * Mon Jan 26 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-32 - Bugzilla Bugs: 480825, 481177, and 481688 * Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-31 diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec index 53febbb8d..210ede38e 100644 --- a/pki/dogtag/selinux/pki-selinux.spec +++ b/pki/dogtag/selinux/pki-selinux.spec @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 2 +%define base_release 3 %define base_group System Environment/Shells %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -238,6 +238,8 @@ fi ############################################################################### %changelog +* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-3 +- Bugzilla Bug #482738 - selinux changes required for cloning * Tue Jan 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 - Bugzilla Bug #480679 - integrate latest selinux code with the rest of the build infrastructure |