author | Ade Lee <alee@redhat.com> | 2012-10-10 00:16:57 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-10 00:34:12 -0400 |
commit | c494bd03f8f4f82a4c06457dfc301a606b89e2dc (patch) | |
tree | c69a1e6c273faebc677d04f558c9c0c63b23ff04 /base/deploy | |
parent | 5ef10ba9a3702d1dc2289f7fa163e8989370d2b1 (diff) | |
Added pki_tomcat_cert_t type and interface to access it
Added permissions to certmonger to access the certdb. Also added
some missing selinux permissions for pki_tomcat_t
Diffstat (limited to 'base/deploy')
-rw-r--r-- | base/deploy/src/scriptlets/pkiconfig.py | 1 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 115e4327d..bfc5b3249 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -192,5 +192,6 @@ pki_master_jython_dict = None
 PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
 PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
 PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
+PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
 PKI_PORT_SELINUX_CONTEXT = "http_port_t"
 pki_selinux_config_ports = []
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 58ec3ad4e..0292081be 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -80,6 +80,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 fcon.add(master['pki_instance_configuration_path'] + self.suffix,
 config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")

+ config.pki_log.info("adding selinux fcontext \"%s\"",
+ master['pki_database_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.add(master['pki_database_path'] + self.suffix,
+ config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")
+
 portRecords = seobject.portRecords()
 for port in ports:
 config.pki_log.info("adding selinux port %s", port,
@@ -136,6 +142,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 fcon.delete(master['pki_instance_configuration_path'] + \
 self.suffix, "")

+ config.pki_log.info("deleting selinux fcontext \"%s\"",
+ master['pki_database_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.delete(master['pki_database_path'] + self.suffix , "")
+
 portRecords = seobject.portRecords()
 for port in ports:
 config.pki_log.info("deleting selinux port %s", port, |
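Review bot: In the first selinux_setup.py hunk (`@@ -80,6 +80,12 @@`), the new `fcon.add(master['pki_database_path'] + self.suffix, config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")` may overlap the rule added just above for `pki_instance_configuration_path` if the certificate database directory sits beneath that path, which the hunk does not show. If it does, the label the key and certificate database receives depends on how the two rules are ordered and matched, so the placement after the configuration rule deserves a comment such as `# certdb rule must win over the cfg rule for paths beneath it; keep it after the cfg fcontext`. A file-context rule also only governs future labelling, and no relabel of an existing database directory is visible here, so confirm that one follows. The enclosing method starts and ends outside the hunk.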
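Review bot: In the second selinux_setup.py hunk (`@@ -136,6 +142,11 @@`), `fcon.delete(master['pki_database_path'] + self.suffix , "")` assumes the certdb rule exists, but an instance deployed before this commit never had it added. seobject, as far as I know, raises `ValueError` when asked to delete an undefined file context; unless something outside the hunk catches that, removing such an instance would stop before the port records below are cleaned up and leave stale SELinux policy behind. Consider wrapping the call as `try: fcon.delete(...)` / `except ValueError:` with a log line and continue, or checking `fcon.get_all()` for the path first. As a style point, drop the stray space before the comma in `self.suffix , ""`.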