author | Ade Lee <alee@redhat.com> | 2012-10-01 13:55:03 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-05 15:55:44 -0400 |
commit | 6e79c7cb922072614155c067e26fab446893bae7 (patch) | |
tree | fa20f7008ad42acb2d1e83f6c193c16d6d8e1230 /base/deploy | |
parent | f542060e64edc632715d19bf2d459d064ec4eaf4 (diff) | |
add selinux context for pkidaemon, remove unneeded pid and lock code
remove runcon from operations, add rules for spawn/destroy,
add mgrepl changes to policy
Diffstat (limited to 'base/deploy')
-rw-r--r-- | base/deploy/scripts/operations | 51 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 2 |
2 files changed, 4 insertions, 49 deletions
diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations index d4c03d084..4716e766f 100644 --- a/base/deploy/scripts/operations +++ b/base/deploy/scripts/operations @@ -1220,20 +1220,8 @@ start_instance() # of the tomcat init script knows which instance specific # configuration file to source. export SERVICE_NAME=$PKI_INSTANCE_ID - - if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then - # HACKS: - # (1) MUST eventually replace hard-coded 'pki_ca_script_t' - # with programmatic replacement of either - # 'pki_tomcat_script_t' or 'pki_apache_script_t', AND - # (2) MUST currently be run with SELinux in 'Permissive' mode! - /usr/bin/runcon -t pki_tomcat_script_t \ - $PKI_INSTANCE_INITSCRIPT start - rv=$? - else - $PKI_INSTANCE_INITSCRIPT start - rv=$? - fi + $PKI_INSTANCE_INITSCRIPT start + rv=$? ;; apache) $PKI_INSTANCE_INITSCRIPT start @@ -1283,36 +1271,6 @@ start_instance() return 6 else # 0 success - - # Tomcat instances automatically place pid files under - # '/var/run' and lock files under '/var/lock/subsys'. - # - # However, since PKI subsystem instances can have any name, - # in order to identify the PKI subsystem type of a particular - # PKI instance, we create a separate "pki subsystem identity" - # symlink to the PKI instance pid file and place it under - # '/var/run/pki/<pki subsystem>', and a separate - # "pki subsystem identity" symlink to the PKI instance - # lock file and place it under '/var/lock/pki/<pki subsystem>'. - # - case $PKI_WEB_SERVER_TYPE in - tomcat) - if [ -h ${PKI_PIDFILE} ]; then - rm -f ${PKI_PIDFILE} - fi - if [ -f ${TOMCAT_PIDFILE} ]; then - ln -s ${TOMCAT_PIDFILE} ${PKI_PIDFILE} - chown -h ${TOMCAT_USER}:${TOMCAT_GROUP} ${PKI_PIDFILE} - fi - if [ -h ${PKI_LOCKFILE} ]; then - rm -f ${PKI_LOCKFILE} - fi - if [ -f ${TOMCAT_LOCKFILE} ]; then - ln -s ${TOMCAT_LOCKFILE} ${PKI_LOCKFILE} - fi - ;; - esac - return 0 fi fi 
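Review bot: With the `runcon -t pki_tomcat_script_t` wrapper gone from the tomcat branch of start_instance, the domain the init script ends up in depends entirely on the file context of `$PKI_INSTANCE_INITSCRIPT` and on the transition rules in the policy, neither of which is visible here (the diffstat is limited to base/deploy). The removed HACKS comment was the only place in this block that recorded the SELinux expectation, so I would leave a short replacement above the new lines, e.g. `# SELinux: no runcon here; the domain transition comes from the policy's label on the init script`, with the wording confirmed against the policy change. The expansion should also be quoted, `"$PKI_INSTANCE_INITSCRIPT" start`, so an unexpected value cannot be word-split into extra arguments. The tomcat and apache branches now appear to run the same command, but the apache branch continues outside the hunk, so whether the case can be collapsed cannot be judged from here.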
@@ -1332,12 +1290,9 @@ stop_instance() # that were previously associated with the Tomcat 'pid' and 'lock' files. case $PKI_WEB_SERVER_TYPE in tomcat) - if [ -h ${PKI_PIDFILE} ]; then + if [ -f ${PKI_PIDFILE} ]; then rm -f ${PKI_PIDFILE} fi - if [ -h ${PKI_LOCKFILE} ]; then - rm -f ${PKI_LOCKFILE} - fi ;; esac diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index a235c5917..a349436ff 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -1259,7 +1259,7 @@ def compose_pki_master_dictionary(): config.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\ config.pki_master_dict['pki_instance_log_path'] config.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\ - "/var/run/" + config.pki_master_dict['pki_instance_id'] + ".pid" + "/var/run/pki/tomcat/" + config.pki_master_dict['pki_instance_id'] + ".pid" config.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\ config.pki_master_dict['pki_tomcat_server_port'] config.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\ |
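Review bot: The new `[ -f ${PKI_PIDFILE} ]` test in stop_instance follows symlinks, so a dangling "pki subsystem identity" symlink left by an instance started before this change (its target pid file already gone) is no longer removed, whereas the old `-h` test caught it. Because `rm -f` already tolerates a missing path, the guard can simply be dropped in favour of `rm -f "${PKI_PIDFILE}"`, and the quotes keep the command well-formed if the variable is empty or contains spaces. A `${PKI_LOCKFILE}` symlink created by an older start would presumably also stay behind after an upgrade, since its cleanup is deleted here. The context comment above the case still refers to the Tomcat 'pid' and 'lock' files and should be reworded to match. stop_instance's body starts and ends outside the hunk.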
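Review bot: The new `TOMCAT_PIDFILE_SLOT` value in compose_pki_master_dictionary hard-codes `/var/run/pki/tomcat/`, and nothing in this hunk creates that directory or sets its owner and SELinux label; if `/var/run` is recreated at boot, Tomcat can only write its pid file there if something else restores the directory first. The path also has to stay in step with the `PKI_PIDFILE` that stop_instance removes in scripts/operations, so I would record that next to the assignment, e.g. `# must match PKI_PIDFILE in scripts/operations; directory is created by <component to be named>`. `pki_instance_id` is concatenated into the path as-is; unless it is validated elsewhere (not visible here), a value containing `/` would put the pid file outside the intended directory. The changed line also runs well past 79 columns and could be wrapped the same way as the neighbouring assignments. The function's body starts and ends outside the hunk.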