author | Ade Lee <alee@redhat.com> | 2012-10-11 15:20:55 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-11 23:54:03 -0400 |
commit | 283af4291e7ec709a2ce4e115775044175abeaf2 (patch) | |
tree | 431ced0c07ccd36a2e82072c2a672830345e53e3 /base/selinux/src | |
parent | c7c2b6c16d1f1c337ba0779dadb49953ef6f215e (diff) | |
Added pki_tomcat_script_t type and rules to support upgraded instances
This is so runcon in pkicontrol will continue to work for d9 style
instances.
Diffstat (limited to 'base/selinux/src')
-rw-r--r-- | base/selinux/src/pki.te | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/base/selinux/src/pki.te b/base/selinux/src/pki.te
index 411974b25..aefcd03c8 100644
--- a/base/selinux/src/pki.te
+++ b/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.12)
+policy_module(pki,10.0.13)
 
 type pki_log_t;
 files_type(pki_log_t)
@@ -122,6 +122,23 @@ allow setfiles_t pki_log_t:file write;
 pki_rw_tomcat_cert(certmonger_t)
 pki_search_tomcat_etc_rw(certmonger_t)
 
+# needed for dogtag 9 style instances
+type pki_tomcat_script_t;
+domain_type(pki_tomcat_script_t)
+gen_require(`
+ type java_exec_t;
+ type initrc_t;
+')
+domtrans_pattern(pki_tomcat_script_t, java_exec_t, pki_tomcat_t)
+
+role system_r types pki_tomcat_script_t;
+allow pki_tomcat_t java_exec_t:file entrypoint;
+allow initrc_t pki_tomcat_script_t:process transition;
+
+optional_policy(`
+ unconfined_domain(pki_tomcat_script_t)
+')
+
 ##########################
 # TPS policy
 ##########################
|
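Review bot: `unconfined_domain(pki_tomcat_script_t)` in the `optional_policy` block at the end of the second hunk leaves the new script domain with essentially no confinement, so whatever `initrc_t` starts in it runs unrestricted until the `java_exec_t` transition into `pki_tomcat_t`. The only rationale recorded is `# needed for dogtag 9 style instances`, which does not say why the wrapper needs that much. I would put the reason above the block, e.g. `# pkicontrol runcon wrapper for upgraded d9 instances; unconfined until a minimal rule set is written`, and follow up by replacing the macro with the specific permissions the script actually uses. It is also worth confirming that no entry-point type is declared for `pki_tomcat_script_t` in this hunk; if so, the `allow initrc_t pki_tomcat_script_t:process transition;` rule appears to rely on whatever the optional unconfined block grants, and may not be usable where that block is not compiled in.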