authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-05 20:43:44 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-05 20:43:44 +0000
commitdd36607684b28733582d8479b6d2761dc73ccb4d (patch)
treefc9e2286d2d144e50044065db63feb3bb5211498 /pki
parent82c7faf42ef97477351eb3815f48c96e5d558bcd (diff)
Bugzilla Bug# 483716
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@210 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r--pki/base/selinux/src/pki.if4
-rw-r--r--pki/base/selinux/src/pki.te5
-rw-r--r--pki/dogtag/selinux/pki-selinux.spec4
3 files changed, 9 insertions, 4 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index fa3ae2360..e2ceaa2e1 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -90,8 +90,8 @@ template(`pki_ca_template',`
corenet_tcp_connect_generic_port($1_t)
# This is for /etc/$1/tomcat.conf:
- can_exec($1_t, pki_ca_tomcat_exec_t)
- allow $1_t $1_tomcat_exec_t:file getattr;
+ can_exec($1_t, $1_tomcat_exec_t)
+ allow $1_t $1_tomcat_exec_t:file {getattr read};
# Init script handling
domain_use_interactive_fds($1_t)
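Review bot: The explicit `allow $1_t $1_tomcat_exec_t:file {getattr read};` looks redundant next to `can_exec($1_t, $1_tomcat_exec_t)` on the line above it, because in reference policy can_exec already grants getattr and read together with execute and execute_no_trans; if that holds for the policy version built here, the allow line can be dropped. If it is kept, reference-policy style puts spaces inside the braces: `allow $1_t $1_tomcat_exec_t:file { getattr read };`. The existing comment says this type covers /etc/$1/tomcat.conf, so it would be worth extending it to say the file is executed in the caller's own domain without a transition and must therefore not be writable by $1_t (the write rules are not visible in this hunk). The template body starts and ends outside the hunk.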
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 94288188c..b4f1f39d4 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.2)
+policy_module(pki,1.0.3)
attribute pki_ca_config;
attribute pki_ca_executable;
@@ -28,6 +28,7 @@ files_type(pki_kra_tomcat_exec_t)
pki_ca_template(pki_kra)
allow pki_kra_t pki_ca_t:process signull;
+corenet_tcp_connect_pki_ca_port(pki_kra_t)
attribute pki_ocsp_config;
attribute pki_ocsp_executable;
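Review bot: None of the three added `corenet_tcp_connect_pki_ca_port(...)` lines (here for pki_kra_t, and again in the pki_ocsp_t and pki_tks_t hunks) says why the domain needs outbound access to the CA port; a comment such as `# subsystem contacts the CA during installation (Bugzilla #483716)` above each would record the reason, assuming the changelog's "changes for TKS installation" is the motive. The interface depends on a pki_ca port type that this diff does not declare, so the module presumably only builds against a base policy that already provides it, and if so the spec file should require that selinux-policy version. The template context in pki.if also still shows `corenet_tcp_connect_generic_port($1_t)`, which leaves these domains able to connect to any unlabelled TCP port; it is worth checking whether that rule is still needed now that the CA port has its own type.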
@@ -43,6 +44,7 @@ files_type(pki_ocsp_tomcat_exec_t)
pki_ca_template(pki_ocsp)
allow pki_ocsp_t pki_ca_t:process signull;
+corenet_tcp_connect_pki_ca_port(pki_ocsp_t)
attribute pki_ra_config;
attribute pki_ra_executable;
@@ -73,6 +75,7 @@ files_type(pki_tks_tomcat_exec_t)
pki_ca_template(pki_tks)
allow pki_tks_t pki_ca_t:process signull;
+corenet_tcp_connect_pki_ca_port(pki_tks_t)
attribute pki_tps_config;
attribute pki_tps_executable;
diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec
index ae9190899..ced005511 100644
--- a/pki/dogtag/selinux/pki-selinux.spec
+++ b/pki/dogtag/selinux/pki-selinux.spec
@@ -33,7 +33,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.0.0
-%define base_release 4
+%define base_release 5
%define base_group System Environment/Shells
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -238,6 +238,8 @@ fi
###############################################################################
%changelog
+* Thu Feb 5 2009 Ade Lee <alee@redhat.com> 1.0.0.5
+- Bugzilla Bug #483716: changes for TKS installation
* Thu Jan 29 2009 Ade Lee <alee@redhat.com> 1.0.0.4
- Bugzilla Bug #483134 Moved selinux to /usr/share/selinux/modules
* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-3