Diffstat (limited to 'base')
-rw-r--r--base/selinux/src/pki.if18
-rw-r--r--base/selinux/src/pki.te4
2 files changed, 21 insertions, 1 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8399c4e9b..423546d1f 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -20,6 +20,24 @@ interface(`pki_rw_tomcat_cert',`
########################################
## <summary>
+## Allow read and write pki cert files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pki_search_tomcat_etc_rw',`
+ gen_require(`
+ type pki_tomcat_etc_rw_t;
+ ')
+
+ search_dirs_pattern($1, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)
+')
+
+########################################
+## <summary>
## Create a set of derived types for apache
## web content.
## </summary>
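Review bot: The `<summary>` of the new `pki_search_tomcat_etc_rw` interface reads "Allow read and write pki cert files", which looks copied from `pki_rw_tomcat_cert` and overstates what is granted. The body only calls `search_dirs_pattern($1, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)`, so the caller gets directory search on that type and nothing else. Anyone auditing the policy from the interface documentation would conclude that the domain has write access it does not have. The summary line should be `## Allow search of pki tomcat etc_rw directories.`. The documentation header of the following interface continues outside the hunk.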
diff --git a/base/selinux/src/pki.te b/base/selinux/src/pki.te
index c8900bc7f..411974b25 100644
--- a/base/selinux/src/pki.te
+++ b/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.11)
+policy_module(pki,10.0.12)
type pki_log_t;
files_type(pki_log_t)
@@ -83,6 +83,7 @@ logging_send_audit_msgs(pki_tomcat_t)
logging_send_syslog_msg(pki_tomcat_t)
miscfiles_read_hwdata(pki_tomcat_t)
+miscfiles_read_localization(pki_tomcat_t)
files_manage_generic_tmp_files(pki_tomcat_t)
userdom_manage_user_tmp_dirs(pki_tomcat_t)
userdom_manage_user_tmp_files(pki_tomcat_t)
@@ -119,6 +120,7 @@ allow setfiles_t pki_log_t:file write;
# allow certmonger to read certdb files
pki_rw_tomcat_cert(certmonger_t)
+pki_search_tomcat_etc_rw(certmonger_t)
##########################
# TPS policy
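Review bot: The added `pki_search_tomcat_etc_rw(certmonger_t)` sits under the existing comment `# allow certmonger to read certdb files`, which describes only the `pki_rw_tomcat_cert` call and gives no reason for the new grant. Presumably certmonger needs to traverse the `pki_tomcat_etc_rw_t` directories to reach the certificate database. If so, a second comment line should record that, for example `# certmonger must search pki_tomcat_etc_rw_t dirs to reach the certdb`, so the grant can be justified in a later least-privilege review. A reference to the AVC denial or bug that prompted it would also help.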