author | Ade Lee <alee@redhat.com> | 2012-08-06 10:25:23 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-08-06 10:33:25 -0400 |
commit | 6a891d92d8e741f8d66ea43cefc1c11c69affed4 (patch) | |
tree | 9a2e683a7bf1a5ad2a28541e27f1acb4a3c64275 | |
parent | 178327661293a26dfa3a9dc52dd9464f6d97fd3f (diff) | |
download | pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.tar.gz pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.tar.xz pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.zip |
Changed selinux context for legacy instances
In the new selinux policy, pki_ca_t etc. are all replaced by
pki_tomcat_t. To allow old instances to work under dogtag 10, the
context in the run scripts needs to change.
Also added a rule needed by selinux policy.
-rw-r--r-- | base/selinux/src/pki.if | 1 | ||||
-rw-r--r-- | base/setup/scripts/functions | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8f62136d5..b456ac995 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -218,6 +218,7 @@ template(`pki_tomcat_template',`
 kernel_read_kernel_sysctls($1_t)
 selinux_get_enforce_mode($1_t)
 dirsrv_manage_var_lib($1_t)
+ tomcat_search_cache($1_t)
 # write to /var/log/pki for spawn and destroy
 allow $1_t pki_log_t:dir {getattr search};
diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions
index 62dc20694..a4318efae 100644
--- a/base/setup/scripts/functions
+++ b/base/setup/scripts/functions
@@ -756,7 +756,7 @@ start_instance()
 export SERVICE_NAME=$PKI_INSTANCE_ID
 if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
- /usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \
+ /usr/bin/runcon -t pki_tomcat_script_t \
 $PKI_INSTANCE_INITSCRIPT start
 rv=$?
 else |
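Review bot: The added `tomcat_search_cache($1_t)` in base/selinux/src/pki.if has no comment saying which access it grants or what was denied without it, and the commit message only calls it "a rule needed by selinux policy". Other grants in this template are annotated (for example `# write to /var/log/pki for spawn and destroy`), so a one-line rationale above the call would let a later least-privilege audit tell whether the rule is still needed, e.g. `# search the tomcat cache directory; required for <operation that was denied> (TODO: record the AVC)`. The template body starts and ends outside this hunk, so whether the call belongs inside an existing commented group cannot be checked from here.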
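Review bot: In start_instance() (base/setup/scripts/functions) the `runcon -t` type is now the fixed `pki_tomcat_script_t`, whereas the removed line derived it from `PKI_SUBSYSTEM_TYPE`. If this function can also be reached for a subsystem that is not Tomcat-based, that instance would now be started in the Tomcat script domain, so either it runs with a wider transition than intended or the start fails under enforcing mode. The hunk does not show which subsystem types call it, so please confirm, and if only Tomcat-based types apply, say so next to the call, e.g. `# legacy Tomcat-based instances only: the Dogtag 10 policy replaces pki_<type>_script_t with pki_tomcat_script_t`. The function body continues outside the hunk.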