author | Ade Lee <alee@redhat.com> | 2012-10-10 14:48:10 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-10 22:57:42 -0400 |
commit | c7c2b6c16d1f1c337ba0779dadb49953ef6f215e (patch) | |
tree | 6adc2daecb648ef40dcff94aed683b7bde0ba385 /base/selinux/src | |
parent | c494bd03f8f4f82a4c06457dfc301a606b89e2dc (diff) | |
New selinux interface needed for certmonger directory access
Diffstat (limited to 'base/selinux/src')
-rw-r--r-- | base/selinux/src/pki.if | 18 | ||||
-rw-r--r-- | base/selinux/src/pki.te | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8399c4e9b..423546d1f 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -20,6 +20,24 @@ interface(`pki_rw_tomcat_cert',`
 ########################################
 ## <summary>
+## Allow read and write pki cert files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pki_search_tomcat_etc_rw',`
+ gen_require(`
+ type pki_tomcat_etc_rw_t;
+ ')
+
+ search_dirs_pattern($1, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)
+')
+
+########################################
+## <summary>
 ## Create a set of derived types for apache
 ## web content.
 ## </summary>
diff --git a/base/selinux/src/pki.te b/base/selinux/src/pki.te
index c8900bc7f..411974b25 100644
--- a/base/selinux/src/pki.te
+++ b/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.11)
+policy_module(pki,10.0.12)
 type pki_log_t;
 files_type(pki_log_t)
@@ -83,6 +83,7 @@ logging_send_audit_msgs(pki_tomcat_t)
 logging_send_syslog_msg(pki_tomcat_t)
 miscfiles_read_hwdata(pki_tomcat_t)
+miscfiles_read_localization(pki_tomcat_t)
 files_manage_generic_tmp_files(pki_tomcat_t)
 userdom_manage_user_tmp_dirs(pki_tomcat_t)
 userdom_manage_user_tmp_files(pki_tomcat_t)
@@ -119,6 +120,7 @@ allow setfiles_t pki_log_t:file write;
 # allow certmonger to read certdb files
 pki_rw_tomcat_cert(certmonger_t)
+pki_search_tomcat_etc_rw(certmonger_t)
 ##########################
 # TPS policy |
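Review bot: The summary on the new `pki_search_tomcat_etc_rw` interface in the pki.if hunk reads "Allow read and write pki cert files.", which looks copied from `pki_rw_tomcat_cert` and overstates what is granted. The body only applies `search_dirs_pattern` to `pki_tomcat_etc_rw_t`, so a reader auditing the policy from the interface documentation would assume file read/write access that is not given here. The summary line should describe the actual permission, for example `## Search pki tomcat etc rw directories.`.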
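Review bot: The comment `# allow certmonger to read certdb files` in the last pki.te hunk now heads a second grant that it does not describe. The added `pki_search_tomcat_etc_rw(certmonger_t)` gives certmonger_t directory search on `pki_tomcat_etc_rw_t`, presumably so it can traverse to the cert files; a comment on the line before it, such as `# allow certmonger to search the pki tomcat etc rw directories`, would keep each certmonger rule traceable to its purpose.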