diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:08:08 -0500 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2012-03-26 15:10:41 -0700 |
commit | 4a7ec07c942544b7ca27718a11dac00505c4de7b (patch) | |
tree | cceeb31a92d7b8b307300305fba77e642b7a6495 /patches | |
parent | 007bc68f666ef5658274a1e27989d75f2a681a20 (diff) | |
download | pki-4a7ec07c942544b7ca27718a11dac00505c4de7b.tar.gz pki-4a7ec07c942544b7ca27718a11dac00505c4de7b.tar.xz pki-4a7ec07c942544b7ca27718a11dac00505c4de7b.zip |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'patches')
-rw-r--r-- | patches/pki-core-selinux-Dogtag-9-f16.patch | 23 | ||||
-rw-r--r-- | patches/pki-core-selinux-Dogtag-9-f17.patch | 35 |
2 files changed, 58 insertions, 0 deletions
diff --git a/patches/pki-core-selinux-Dogtag-9-f16.patch b/patches/pki-core-selinux-Dogtag-9-f16.patch new file mode 100644 index 000000000..03e38be42 --- /dev/null +++ b/patches/pki-core-selinux-Dogtag-9-f16.patch @@ -0,0 +1,23 @@ +diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if +index 0709176..9a35184 100644 +--- a/pki/base/selinux/src/pki.if ++++ b/pki/base/selinux/src/pki.if +@@ -193,7 +193,7 @@ template(`pki_ca_template',` + corenet_tcp_connect_ldap_port($1_t) + + # tomcat connects to ephemeral ports on shutdown +- corenet_tcp_connect_all_unreserved_ports($1_t) ++ corenet_tcp_connect_all_ephemeral_ports($1_t) + + optional_policy(` + #This is broken in selinux-policy we need java_exec defined, Will add to policy +diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te +index 7f6e657..dab02d4 100644 +--- a/pki/base/selinux/src/pki.te ++++ b/pki/base/selinux/src/pki.te +@@ -1,4 +1,4 @@ +-policy_module(pki,9.0.2) ++policy_module(pki,9.0.3) + + attribute pki_ca_config; + attribute pki_ca_executable; diff --git a/patches/pki-core-selinux-Dogtag-9-f17.patch b/patches/pki-core-selinux-Dogtag-9-f17.patch new file mode 100644 index 000000000..e99ec06d5 --- /dev/null +++ b/patches/pki-core-selinux-Dogtag-9-f17.patch @@ -0,0 +1,35 @@ +diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if +index 0709176..20dfc17 100644 +--- a/pki/base/selinux/src/pki.if ++++ b/pki/base/selinux/src/pki.if +@@ -206,6 +206,20 @@ template(`pki_ca_template',` + optional_policy(` + unconfined_domain($1_script_t) + ') ++ ++ # tomcat6 init scripts do runuser and touch lockfile ++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override }; ++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write }; ++ consoletype_exec($1_t) ++ fs_read_hugetlbfs_files($1_t) ++ hostname_exec($1_t) ++ kernel_read_kernel_sysctls($1_t) ++ ++ # java (mislabeled as lib_t?) calls build_classpath ++ libs_exec_lib_files($1_t) ++ ++ selinux_get_enforce_mode($1_t) ++ + ') + + ######################################## +diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te +index 7f6e657..dab02d4 100644 +--- a/pki/base/selinux/src/pki.te ++++ b/pki/base/selinux/src/pki.te +@@ -1,4 +1,4 @@ +-policy_module(pki,9.0.2) ++policy_module(pki,9.0.3) + + attribute pki_ca_config; + attribute pki_ca_executable; |