Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@492 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

6 files changed, 19 insertions, 0 deletions

diff --git a/pki/base/ca/shared/etc/init.d/httpd b/pki/base/ca/shared/etc/init.d/httpd
index 4df900f36..49c8e1517 100755
--- a/pki/base/ca/shared/etc/init.d/httpd
+++ b/pki/base/ca/shared/etc/init.d/httpd
@@ -453,6 +453,9 @@ start()
 	chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
   	[ -x /sbin/restorecon ] && /sbin/restorecon  $CATALINA_PID
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
 	# Always initialize CLASSPATH to start looking
 	# in the local PKI classes directory . . .
 	CLASSPATH=/usr/share/[PKI_FLAVOR]/classes
diff --git a/pki/base/kra/shared/etc/init.d/httpd b/pki/base/kra/shared/etc/init.d/httpd
index df8bd8478..a6c356743 100755
--- a/pki/base/kra/shared/etc/init.d/httpd
+++ b/pki/base/kra/shared/etc/init.d/httpd
@@ -380,6 +380,9 @@ start()
 	chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
   	[ -x /sbin/restorecon ] && /sbin/restorecon  $CATALINA_PID
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
 	# Always initialize CLASSPATH to start looking
 	# in the local PKI classes directory . . .
 	CLASSPATH=/usr/share/[PKI_FLAVOR]/classes
diff --git a/pki/base/ocsp/shared/etc/init.d/httpd b/pki/base/ocsp/shared/etc/init.d/httpd
index f57de338a..cb74c1ab4 100755
--- a/pki/base/ocsp/shared/etc/init.d/httpd
+++ b/pki/base/ocsp/shared/etc/init.d/httpd
@@ -380,6 +380,9 @@ start()
 	chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
   	[ -x /sbin/restorecon ] && /sbin/restorecon  $CATALINA_PID
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
 	# Always initialize CLASSPATH to start looking
 	# in the local PKI classes directory . . .
 	CLASSPATH=/usr/share/[PKI_FLAVOR]/classes
diff --git a/pki/base/ra/etc/init.d/httpd b/pki/base/ra/etc/init.d/httpd
index 2adaaeea4..aecd99aec 100755
--- a/pki/base/ra/etc/init.d/httpd
+++ b/pki/base/ra/etc/init.d/httpd
@@ -333,6 +333,10 @@ start()
 		fi
 	fi
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
+
 	if [ -x /etc/init.d/functions ]; then
 		/usr/sbin/selinuxenabled
 		RETVAL=$?
diff --git a/pki/base/tks/shared/etc/init.d/httpd b/pki/base/tks/shared/etc/init.d/httpd
index 2274a69bf..3ee446aeb 100755
--- a/pki/base/tks/shared/etc/init.d/httpd
+++ b/pki/base/tks/shared/etc/init.d/httpd
@@ -380,6 +380,9 @@ start()
 	chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
   	[ -x /sbin/restorecon ] && /sbin/restorecon  $CATALINA_PID
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
 	# Always initialize CLASSPATH to start looking
 	# in the local PKI classes directory . . .
 	CLASSPATH=/usr/share/[PKI_FLAVOR]/classes
diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd
index a638fc3a2..c73f98a85 100755
--- a/pki/base/tps/etc/init.d/httpd
+++ b/pki/base/tps/etc/init.d/httpd
@@ -344,6 +344,9 @@ start()
 		fi
 	fi
 
+        # restore context for ncipher hsm
+        [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
 	if [ -x /etc/init.d/functions ]; then
 		/usr/sbin/selinuxenabled
 		RETVAL=$?