diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-09 15:33:50 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-09 15:33:50 +0000 |
commit | ac7f66343a8d1930736aa2b20d30bd23230e5127 (patch) | |
tree | 6e2d59806d478ff22ea930922e20cc40f48a0cf1 /pki/base/selinux | |
parent | 0ba0e453fe69f76da4242099ea3a59d031ad0e5b (diff) | |
download | pki-ac7f66343a8d1930736aa2b20d30bd23230e5127.tar.gz pki-ac7f66343a8d1930736aa2b20d30bd23230e5127.tar.xz pki-ac7f66343a8d1930736aa2b20d30bd23230e5127.zip |
Bugzilla Bug 504765 - selinux messages when restarting RA
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@571 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/selinux')
-rw-r--r-- | pki/base/selinux/src/pki.if | 3 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.te | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index 277faaec9..6c34cb57f 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -114,6 +114,7 @@ template(`pki_ca_template',` manage_files_pattern($1_t, $1_var_lib_t, $1_var_lib_t) read_lnk_files_pattern($1_t, $1_var_lib_t, $1_var_lib_t) files_var_lib_filetrans($1_t, $1_var_lib_t, { file dir } ) + allow $1_t rpm_var_lib_t:lnk_file { read getattr }; manage_dirs_pattern($1_t, $1_log_t, $1_log_t) manage_files_pattern($1_t, $1_log_t, $1_log_t) @@ -660,7 +661,7 @@ template(`pki_ra_template',` allow pki_ra_t lib_t:file execute_no_trans; - allow pki_ra_t self:capability { setuid sys_nice setgid dac_override }; + allow pki_ra_t self:capability { setuid sys_nice setgid dac_override fowner}; allow pki_ra_t self:process { setsched getsched signal signull execstack execmem}; allow pki_ra_t self:sem all_sem_perms; allow pki_ra_t self:tcp_socket create_stream_socket_perms; diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index ae17c2520..0f00c99ea 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,1.0.8) +policy_module(pki,1.0.9) attribute pki_ca_config; attribute pki_ca_executable; |