diff options
author | Ade Lee <alee@redhat.com> | 2012-08-06 10:25:23 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-08-06 10:33:25 -0400 |
commit | 6a891d92d8e741f8d66ea43cefc1c11c69affed4 (patch) | |
tree | 9a2e683a7bf1a5ad2a28541e27f1acb4a3c64275 /base/selinux | |
parent | 178327661293a26dfa3a9dc52dd9464f6d97fd3f (diff) | |
download | pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.tar.gz pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.tar.xz pki-6a891d92d8e741f8d66ea43cefc1c11c69affed4.zip |
Changed selinux context for legacy instances
In the new selinux policy, pki_ca_t etc. are all replaced by
pki_tomcat_t. To allow old instances to work under dogtag 10, the
context in the run scripts needs to change.
Also added a rule needed by selinux policy.
Diffstat (limited to 'base/selinux')
-rw-r--r-- | base/selinux/src/pki.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if index 8f62136d5..b456ac995 100644 --- a/base/selinux/src/pki.if +++ b/base/selinux/src/pki.if @@ -218,6 +218,7 @@ template(`pki_tomcat_template',` kernel_read_kernel_sysctls($1_t) selinux_get_enforce_mode($1_t) dirsrv_manage_var_lib($1_t) + tomcat_search_cache($1_t) # write to /var/log/pki for spawn and destroy allow $1_t pki_log_t:dir {getattr search}; |