Bugzilla BZ# 482738: selinux changes for cloning

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@199 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-01-28 16:07:09 +0000
committer: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-01-28 16:07:09 +0000
commit: 13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50 (patch)
tree: 8349ad5e86fbea80e011af53d56518dea76bf11e /pki/base/selinux/src/pki.if
parent: ea85f54a756ff1e6603cdee28a90785b3f8db08d (diff)
download: pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.gz
pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.xz
pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 5c2e90d91..fa3ae2360 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -87,9 +87,11 @@ template(`pki_ca_template',`
 	corenet_tcp_bind_all_nodes($1_t)
 	corenet_tcp_bind_ocsp_port($1_t)
 	corenet_tcp_connect_ocsp_port($1_t)
+        corenet_tcp_connect_generic_port($1_t)
 
 	# This is for /etc/$1/tomcat.conf:
 	can_exec($1_t, pki_ca_tomcat_exec_t)
+        allow $1_t $1_tomcat_exec_t:file getattr;
 
 	# Init script handling
 	domain_use_interactive_fds($1_t)
@@ -116,6 +118,7 @@ template(`pki_ca_template',`
 	corecmd_exec_bin($1_t)
 	corecmd_read_bin_symlinks($1_t)
 	corecmd_exec_shell($1_t)
+        corecmd_search_bin($1_t)
 
 	dev_list_sysfs($1_t)
 	dev_read_rand($1_t)
author	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-01-28 16:07:09 +0000
committer	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-01-28 16:07:09 +0000
commit	13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50 (patch)
tree	8349ad5e86fbea80e011af53d56518dea76bf11e /pki/base/selinux/src/pki.if
parent	ea85f54a756ff1e6603cdee28a90785b3f8db08d (diff)
download	pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.gz pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.tar.xz pki-13715dc6c17c55dd36a6c6bfe8ad12a775f5bc50.zip