author | Matthew Harmsen <mharmsen@redhat.com> | 2014-09-09 17:31:46 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@pki.usersys.redhat.com> | 2014-09-30 10:31:04 -0700 |
commit | 0bce20a04e06bfdf5317735da0f347d57afc5aa4 (patch) | |
tree | 5f5e66da0e7f65c702462bf0cf387705c3d3abc8 /patches | |
parent | 3947cbb320da7191fac2c7705763732f53cdbaae (diff) | |
Remove 'pki-selinux' code
- PKI TRAC Ticket #1139 - Remove 'selinux' code from 'master' branch
Diffstat (limited to 'patches')
-rw-r--r-- | patches/README | 8 | ||||
-rw-r--r-- | patches/pki-core-selinux-f16.patch | 23 | ||||
-rw-r--r-- | patches/pki-core-selinux-f17-1.patch | 36 | ||||
-rw-r--r-- | patches/pki-core-selinux-f17.patch | 35 |
4 files changed, 8 insertions, 94 deletions
diff --git a/patches/README b/patches/README
new file mode 100644
index 000000000..5e5fb4e77
--- /dev/null
+++ b/patches/README
@@ -0,0 +1,8 @@
+Patches for use by hybrid builds of the compose scripts located in the
+'pki/scripts' directory.
+
+Sample Naming Formats:
+
+ patches/pki-core-selinux-f16.patch
+ patches/pki-core-selinux-f17-1.patch
+ patches/pki-core-selinux-f17.patch
diff --git a/patches/pki-core-selinux-f16.patch b/patches/pki-core-selinux-f16.patch
deleted file mode 100644
index 6866033dc..000000000
--- a/patches/pki-core-selinux-f16.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
-index 0709176..9a35184 100644
---- a/pki/base/selinux/src/pki.if
-+++ b/pki/base/selinux/src/pki.if
-@@ -193,7 +193,7 @@ template(`pki_ca_template',`
- corenet_tcp_connect_ldap_port($1_t)
-
- # tomcat connects to ephemeral ports on shutdown
-- corenet_tcp_connect_all_unreserved_ports($1_t)
-+ corenet_tcp_connect_all_ephemeral_ports($1_t)
-
- optional_policy(`
- #This is broken in selinux-policy we need java_exec defined, Will add to policy
-diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
-index 7f6e657..dab02d4 100644
---- a/pki/base/selinux/src/pki.te
-+++ b/pki/base/selinux/src/pki.te
-@@ -1,4 +1,4 @@
--policy_module(pki,10.0.2)
-+policy_module(pki,10.0.3)
-
- attribute pki_ca_config;
- attribute pki_ca_executable;
diff --git a/patches/pki-core-selinux-f17-1.patch b/patches/pki-core-selinux-f17-1.patch
deleted file mode 100644
index 3ee106400..000000000
--- a/patches/pki-core-selinux-f17-1.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
-index 0709176..20dfc17 100644
---- a/pki/base/selinux/src/pki.if
-+++ b/pki/base/selinux/src/pki.if
-@@ -206,6 +206,21 @@ template(`pki_ca_template',`
- optional_policy(`
- unconfined_domain($1_script_t)
- ')
-+
-+ # tomcat6 init scripts do runuser and touch lockfile
-+ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };
-+ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write };
-+ consoletype_exec($1_t)
-+ fs_read_hugetlbfs_files($1_t)
-+ hostname_exec($1_t)
-+ kernel_read_kernel_sysctls($1_t)
-+ fs_getattr_xattr_fs($1_t)
-+
-+ # java (mislabeled as lib_t?) calls build_classpath
-+ libs_exec_lib_files($1_t)
-+
-+ selinux_get_enforce_mode($1_t)
-+
- ')
-
- ########################################
-diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
-index 7f6e657..dab02d4 100644
---- a/pki/base/selinux/src/pki.te
-+++ b/pki/base/selinux/src/pki.te
-@@ -1,4 +1,4 @@
--policy_module(pki,10.0.2)
-+policy_module(pki,10.0.4)
-
- attribute pki_ca_config;
- attribute pki_ca_executable;
diff --git a/patches/pki-core-selinux-f17.patch b/patches/pki-core-selinux-f17.patch
deleted file mode 100644
index 465c95fe2..000000000
--- a/patches/pki-core-selinux-f17.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
-index 0709176..20dfc17 100644
---- a/pki/base/selinux/src/pki.if
-+++ b/pki/base/selinux/src/pki.if
-@@ -206,6 +206,20 @@ template(`pki_ca_template',`
- optional_policy(`
- unconfined_domain($1_script_t)
- ')
-+
-+ # tomcat6 init scripts do runuser and touch lockfile
-+ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };
-+ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write };
-+ consoletype_exec($1_t)
-+ fs_read_hugetlbfs_files($1_t)
-+ hostname_exec($1_t)
-+ kernel_read_kernel_sysctls($1_t)
-+
-+ # java (mislabeled as lib_t?) calls build_classpath
-+ libs_exec_lib_files($1_t)
-+
-+ selinux_get_enforce_mode($1_t)
-+
- ')
-
- ########################################
-diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
-index 7f6e657..dab02d4 100644
---- a/pki/base/selinux/src/pki.te
-+++ b/pki/base/selinux/src/pki.te
-@@ -1,4 +1,4 @@
--policy_module(pki,10.0.2)
-+policy_module(pki,10.0.3)
-
- attribute pki_ca_config;
- attribute pki_ca_executable; |