diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-05 20:43:44 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-05 20:43:44 +0000 |
commit | dd36607684b28733582d8479b6d2761dc73ccb4d (patch) | |
tree | fc9e2286d2d144e50044065db63feb3bb5211498 /pki/base/selinux | |
parent | 82c7faf42ef97477351eb3815f48c96e5d558bcd (diff) | |
download | pki-dd36607684b28733582d8479b6d2761dc73ccb4d.tar.gz pki-dd36607684b28733582d8479b6d2761dc73ccb4d.tar.xz pki-dd36607684b28733582d8479b6d2761dc73ccb4d.zip |
Bugzilla Bug# 483716
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@210 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/selinux')
-rw-r--r-- | pki/base/selinux/src/pki.if | 4 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.te | 5 |
2 files changed, 6 insertions, 3 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index fa3ae2360..e2ceaa2e1 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -90,8 +90,8 @@ template(`pki_ca_template',` corenet_tcp_connect_generic_port($1_t) # This is for /etc/$1/tomcat.conf: - can_exec($1_t, pki_ca_tomcat_exec_t) - allow $1_t $1_tomcat_exec_t:file getattr; + can_exec($1_t, $1_tomcat_exec_t) + allow $1_t $1_tomcat_exec_t:file {getattr read}; # Init script handling domain_use_interactive_fds($1_t) diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index 94288188c..b4f1f39d4 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,1.0.2) +policy_module(pki,1.0.3) attribute pki_ca_config; attribute pki_ca_executable; @@ -28,6 +28,7 @@ files_type(pki_kra_tomcat_exec_t) pki_ca_template(pki_kra) allow pki_kra_t pki_ca_t:process signull; +corenet_tcp_connect_pki_ca_port(pki_kra_t) attribute pki_ocsp_config; attribute pki_ocsp_executable; @@ -43,6 +44,7 @@ files_type(pki_ocsp_tomcat_exec_t) pki_ca_template(pki_ocsp) allow pki_ocsp_t pki_ca_t:process signull; +corenet_tcp_connect_pki_ca_port(pki_ocsp_t) attribute pki_ra_config; attribute pki_ra_executable; @@ -73,6 +75,7 @@ files_type(pki_tks_tomcat_exec_t) pki_ca_template(pki_tks) allow pki_tks_t pki_ca_t:process signull; +corenet_tcp_connect_pki_ca_port(pki_tks_t) attribute pki_tps_config; attribute pki_tps_executable; |