author | Ade Lee <alee@redhat.com> | 2012-10-10 00:16:57 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-10 00:34:12 -0400 |
commit | c494bd03f8f4f82a4c06457dfc301a606b89e2dc (patch) | |
tree | c69a1e6c273faebc677d04f558c9c0c63b23ff04 /base/selinux/src/pki.te | |
parent | 5ef10ba9a3702d1dc2289f7fa163e8989370d2b1 (diff) | |
download | pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.gz pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.xz pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.zip |
Added pki_tomcat_cert_t type and interface to access it
Added permissions for certmonger to access the certdb. Also added
some missing SELinux permissions for pki_tomcat_t.
Diffstat (limited to 'base/selinux/src/pki.te')
-rw-r--r-- | base/selinux/src/pki.te | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/base/selinux/src/pki.te b/base/selinux/src/pki.te
index 7fa76adb9..c8900bc7f 100644
--- a/base/selinux/src/pki.te
+++ b/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.10)
+policy_module(pki,10.0.11)
 
 type pki_log_t;
 files_type(pki_log_t)
@@ -12,6 +12,9 @@ files_type(pki_common_dev_t)
 type pki_tomcat_etc_rw_t;
 files_type(pki_tomcat_etc_rw_t)
 
+type pki_tomcat_cert_t;
+files_type(pki_tomcat_cert_t)
+
 tomcat_domain_template(pki_tomcat)
 permissive pki_tomcat_t;
 
@@ -23,6 +26,7 @@ require {
     type systemd_unit_file_t;
     type setfiles_t;
     type load_policy_t;
+    type certmonger_t;
 }
 
 allow pki_tomcat_t self:capability { setuid chown setgid fowner audit_write dac_override sys_nice fsetid};
@@ -40,6 +44,9 @@ allow pki_tomcat_t self:key { write read };
 manage_dirs_pattern(pki_tomcat_t, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)
 manage_files_pattern(pki_tomcat_t, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)
 
+manage_dirs_pattern(pki_tomcat_t, pki_tomcat_cert_t, pki_tomcat_cert_t)
+manage_files_pattern(pki_tomcat_t, pki_tomcat_cert_t, pki_tomcat_cert_t)
+
 manage_dirs_pattern(pki_tomcat_t, pki_tomcat_lock_t, pki_tomcat_lock_t)
 manage_files_pattern(pki_tomcat_t, pki_tomcat_lock_t, pki_tomcat_lock_t)
 manage_lnk_files_pattern(pki_tomcat_t, pki_tomcat_lock_t, pki_tomcat_lock_t)
@@ -77,6 +84,8 @@ logging_send_syslog_msg(pki_tomcat_t)
 miscfiles_read_hwdata(pki_tomcat_t)
 
 files_manage_generic_tmp_files(pki_tomcat_t)
+userdom_manage_user_tmp_dirs(pki_tomcat_t)
+userdom_manage_user_tmp_files(pki_tomcat_t)
 
 # forward proxy
 # need to define ports to fix this
@@ -108,6 +117,9 @@ allow load_policy_t pki_log_t:file write;
 dirsrv_manage_var_lib(pki_tomcat_t)
 allow setfiles_t pki_log_t:file write;
 
+# allow certmonger to read certdb files
+pki_rw_tomcat_cert(certmonger_t)
+
 ##########################
 # TPS policy
 ##########################
|
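Review bot: Adding `type certmonger_t;` to the module-global require block turns certmonger into a hard dependency of the pki module: on a system whose policy does not carry the certmonger module, the whole pki module will refuse to load, even though the only consumer of that type is the single `pki_rw_tomcat_cert(certmonger_t)` call in the last hunk. The conventional refpolicy shape is to leave the type out of the global require block and wrap that call in an optional_policy block whose own gen_require declares certmonger_t, so the rule is dropped rather than fatal when certmonger is absent. The require block begins before this hunk, so I cannot see whether other entries already follow that pattern.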
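Review bot: The new pki_tomcat_cert_t block grants only dir and file manage patterns, whereas the pki_tomcat_lock_t block immediately below it also has `manage_lnk_files_pattern(pki_tomcat_t, pki_tomcat_lock_t, pki_tomcat_lock_t)`; if the cert directory can contain symlinks, the matching `manage_lnk_files_pattern(pki_tomcat_t, pki_tomcat_cert_t, pki_tomcat_cert_t)` is missing, and if it cannot, the omission deserves a word. Nothing in pki.te says what path pki_tomcat_cert_t labels (the file-context change, if any, is outside this diff, which is limited to pki.te), so a comment above the two lines such as `# instance certdb (labelled pki_tomcat_cert_t in the .fc file)` would help the next reader place it. Note that pki_tomcat_t receives full manage (create, unlink, rename) on its own certdb here, which is consistent with the etc_rw_t block above.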
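Review bot: `userdom_manage_user_tmp_dirs` and `userdom_manage_user_tmp_files` widen pki_tomcat_t from generic tmp files to user-owned tmp content, and nothing in the hunk records which operation needed that. The lines around it already use why-comments (`# forward proxy`, `# need to define ports to fix this`), so a one-liner above the two new calls, e.g. `# <operation that writes under a user's tmp dir -- TODO name it>`, would keep the widening auditable. Since `permissive pki_tomcat_t;` is still in effect (context in the second hunk), a missing permission in this area would surface only as an AVC log entry rather than a failure, which makes it harder to confirm later that this grant is actually needed.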
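Review bot: The comment `# allow certmonger to read certdb files` understates what the line below grants: the interface is named pki_rw_tomcat_cert and the commit message says certmonger gets access to the certdb, so a reader skimming the policy would expect read-only. I would change it to `# allow certmonger to read and write the instance certdb (pki_rw_tomcat_cert is defined in pki.if)`. The interface definition itself is not in this diff (the diffstat is limited to pki.te), so I cannot confirm from here that it is scoped to pki_tomcat_cert_t only.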