Changed selinux context for legacy instances

In the new selinux policy, pki_ca_t etc. are all replaced by
pki_tomcat_t.  To allow old instances to work under dogtag 10, the
context in the run scripts needs to change.
Also added a rule needed by selinux policy.

1 files changed, 1 insertions, 0 deletions

diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8f62136d5..b456ac995 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -218,6 +218,7 @@ template(`pki_tomcat_template',`
         kernel_read_kernel_sysctls($1_t)
         selinux_get_enforce_mode($1_t)
         dirsrv_manage_var_lib($1_t)
+        tomcat_search_cache($1_t)
 
         # write to /var/log/pki for spawn and destroy
         allow $1_t pki_log_t:dir {getattr search};