diff options
author | Ade Lee <alee@redhat.com> | 2012-04-16 16:06:07 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-04-16 16:06:07 -0400 |
commit | df46c7f1229bb736131800cb3aa2ca5746f45092 (patch) | |
tree | ccb5bfd964fd61a0a9954945c05756caef2fd10f /patches | |
parent | a6879237a4623778edb1d3b507fd575d116428fe (diff) | |
download | pki-df46c7f1229bb736131800cb3aa2ca5746f45092.tar.gz pki-df46c7f1229bb736131800cb3aa2ca5746f45092.tar.xz pki-df46c7f1229bb736131800cb3aa2ca5746f45092.zip |
BZ813075 - Added selinux rule to allow finding available space.
Diffstat (limited to 'patches')
-rw-r--r-- | patches/pki-core-selinux-Dogtag-9-f17-1.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/patches/pki-core-selinux-Dogtag-9-f17-1.patch b/patches/pki-core-selinux-Dogtag-9-f17-1.patch new file mode 100644 index 000000000..7a012ec15 --- /dev/null +++ b/patches/pki-core-selinux-Dogtag-9-f17-1.patch @@ -0,0 +1,36 @@ +diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if +index 0709176..20dfc17 100644 +--- a/pki/base/selinux/src/pki.if ++++ b/pki/base/selinux/src/pki.if +@@ -206,6 +206,21 @@ template(`pki_ca_template',` + optional_policy(` + unconfined_domain($1_script_t) + ') ++ ++ # tomcat6 init scripts do runuser and touch lockfile ++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override }; ++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write }; ++ consoletype_exec($1_t) ++ fs_read_hugetlbfs_files($1_t) ++ hostname_exec($1_t) ++ kernel_read_kernel_sysctls($1_t) ++ fs_getattr_xattr_fs($1_t) ++ ++ # java (mislabeled as lib_t?) calls build_classpath ++ libs_exec_lib_files($1_t) ++ ++ selinux_get_enforce_mode($1_t) ++ + ') + + ######################################## +diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te +index 7f6e657..dab02d4 100644 +--- a/pki/base/selinux/src/pki.te ++++ b/pki/base/selinux/src/pki.te +@@ -1,4 +1,4 @@ +-policy_module(pki,9.0.2) ++policy_module(pki,9.0.4) + + attribute pki_ca_config; + attribute pki_ca_executable; |