authorAde Lee <alee@redhat.com>2012-10-10 00:16:57 -0400
committerAde Lee <alee@redhat.com>2012-10-10 00:34:12 -0400
commitc494bd03f8f4f82a4c06457dfc301a606b89e2dc (patch)
treec69a1e6c273faebc677d04f558c9c0c63b23ff04 /base/deploy
parent5ef10ba9a3702d1dc2289f7fa163e8989370d2b1 (diff)
Added pki_tomcat_cert_t type and interface to access it
Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t
Diffstat (limited to 'base/deploy')
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py1
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py11
2 files changed, 12 insertions, 0 deletions
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 115e4327d..bfc5b3249 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -192,5 +192,6 @@ pki_master_jython_dict = None
PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
+PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
PKI_PORT_SELINUX_CONTEXT = "http_port_t"
pki_selinux_config_ports = []
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 58ec3ad4e..0292081be 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -80,6 +80,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
fcon.add(master['pki_instance_configuration_path'] + self.suffix,
config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")
+ config.pki_log.info("adding selinux fcontext \"%s\"",
+ master['pki_database_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.add(master['pki_database_path'] + self.suffix,
+ config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")
+
portRecords = seobject.portRecords()
for port in ports:
config.pki_log.info("adding selinux port %s", port,
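Review bot: The added `fcon.add(master['pki_database_path'] + self.suffix, config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")` only records a labelling rule, and nothing in this hunk relabels files that already exist. If the certificate database is already on disk at this point, it keeps its previous label until a restorecon runs, so confirm one covers `pki_database_path` later in this method, whose body continues outside the hunk. The call also depends on the loaded policy defining `pki_tomcat_cert_t`, which this commit adds outside `base/deploy`. On a host with an older policy module the add will presumably be rejected, so a handled error with a clear message or a documented minimum policy version would help. If `pki_database_path` lies under the instance path, a comment such as `# keep after the instance-path rule so the certdb label takes precedence` would record that the ordering matters.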
@@ -136,6 +142,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
fcon.delete(master['pki_instance_configuration_path'] + \
self.suffix, "")
+ config.pki_log.info("deleting selinux fcontext \"%s\"",
+ master['pki_database_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.delete(master['pki_database_path'] + self.suffix , "")
+
portRecords = seobject.portRecords()
for port in ports:
config.pki_log.info("deleting selinux port %s", port,
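Review bot: The new `fcon.delete(master['pki_database_path'] + self.suffix , "")` assumes the certdb rule exists, but an instance deployed before this commit never had it added. seobject raises `ValueError` when asked to delete a file context that is not defined, so unless an enclosing handler outside this hunk catches it, destroying such an instance would stop here and leave the later port cleanup undone. Consider wrapping the call in `try:` / `except ValueError:` and logging that the record was absent. There is also a stray space before the comma in `self.suffix , ""`.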