Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@791 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 3 insertions, 3 deletions

diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 305634cf4..4f2469b1d 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -482,7 +482,7 @@ template(`pki_tps_template',`
         allow pki_tps_t httpd_config_t:file { read getattr execute };
         allow pki_tps_t httpd_exec_t:file entrypoint;
         allow pki_tps_t httpd_modules_t:lnk_file read;
-        allow pki_tps_t httpd_suexec_exec_t:file getattr;
+	allow pki_tps_t httpd_suexec_exec_t:file { getattr read execute };
 
         # apache permissions
         apache_exec_modules(pki_tps_t)
@@ -653,7 +653,7 @@ template(`pki_ra_template',`
         allow pki_ra_t httpd_config_t:file { read getattr execute };
         allow pki_ra_t httpd_exec_t:file entrypoint;
         allow pki_ra_t httpd_modules_t:lnk_file read;
-        allow pki_ra_t httpd_suexec_exec_t:file getattr;
+        allow pki_ra_t httpd_suexec_exec_t:file { getattr read execute };
 
         #apache permissions
         apache_read_config(pki_ra_t)
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 26c2cc617..4acaa4624 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.13)
+policy_module(pki,1.0.14)
 
 attribute pki_ca_config;
 attribute pki_ca_executable;