Diffstat (limited to 'pki/base/selinux/src')
-rw-r--r--pki/base/selinux/src/pki.fc1
-rw-r--r--pki/base/selinux/src/pki.if3
-rw-r--r--pki/base/selinux/src/pki.te8
3 files changed, 7 insertions, 5 deletions
diff --git a/pki/base/selinux/src/pki.fc b/pki/base/selinux/src/pki.fc
index 6a8a2abfe..9793383aa 100644
--- a/pki/base/selinux/src/pki.fc
+++ b/pki/base/selinux/src/pki.fc
@@ -58,7 +58,6 @@
/var/log/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_log_t,s0)
-/usr/sbin/httpd.worker -- gen_context(system_u:object_r:pki_ra_exec_t,s0)
/etc/init.d/pki-tps -- gen_context(system_u:object_r:pki_tps_script_exec_t,s0)
/etc/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
/var/lib/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_var_lib_t,s0)
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 5c2e90d91..fa3ae2360 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -87,9 +87,11 @@ template(`pki_ca_template',`
corenet_tcp_bind_all_nodes($1_t)
corenet_tcp_bind_ocsp_port($1_t)
corenet_tcp_connect_ocsp_port($1_t)
+ corenet_tcp_connect_generic_port($1_t)
# This is for /etc/$1/tomcat.conf:
can_exec($1_t, pki_ca_tomcat_exec_t)
+ allow $1_t $1_tomcat_exec_t:file getattr;
# Init script handling
domain_use_interactive_fds($1_t)
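Review bot: `corenet_tcp_connect_generic_port($1_t)` is added to `pki_ca_template` with no comment, so every domain built from the template (pki.te instantiates it for pki_kra, pki_ocsp and pki_tks) may now open TCP connections to any port that carries no specific label. If the denial came from one known peer service, a dedicated port type for that port would keep the outbound surface narrow; at minimum put a line such as `# <subsystem> connects to <service> on an unlabeled port` above the call. The new `allow $1_t $1_tomcat_exec_t:file getattr;` uses the per-instance type while the `can_exec` line directly above names `pki_ca_tomcat_exec_t`; a short comment saying whether that difference is intended would help the next reader. The template body starts and ends outside this hunk.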
@@ -116,6 +118,7 @@ template(`pki_ca_template',`
corecmd_exec_bin($1_t)
corecmd_read_bin_symlinks($1_t)
corecmd_exec_shell($1_t)
+ corecmd_search_bin($1_t)
dev_list_sysfs($1_t)
dev_read_rand($1_t)
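Review bot: `corecmd_search_bin($1_t)` is placed right after `corecmd_exec_bin($1_t)`, which in the reference policy versions I am aware of already grants directory search and list on bin_t, so the added call may be redundant; this should be confirmed against the policy version the module is built with. If it is needed, a comment naming the denial it resolves, for example `# <AVC summary>: search on bin_t dirs`, would stop it being dropped in a later cleanup. The template continues outside the hunk.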
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 71fdc7528..94288188c 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.1)
+policy_module(pki,1.0.2)
attribute pki_ca_config;
attribute pki_ca_executable;
@@ -27,7 +27,7 @@ type pki_kra_tomcat_exec_t;
files_type(pki_kra_tomcat_exec_t)
pki_ca_template(pki_kra)
-
+allow pki_kra_t pki_ca_t:process signull;
attribute pki_ocsp_config;
attribute pki_ocsp_executable;
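Review bot: `allow pki_kra_t pki_ca_t:process signull;` lets the KRA domain probe for the existence of CA processes, and nothing in the file says why a subsystem needs to look at another subsystem's process; the same undocumented rule is added for `pki_ocsp_t` and `pki_tks_t` in the two later pki.te hunks. Add a comment above each rule stating the caller, for example `# <script or component> checks the CA pid with a null signal`, so the cross-domain grant can be re-evaluated if that caller changes. The rule also replaces the blank line that separated each subsystem block from the next `attribute` declarations; keeping the blank line after the new rule would preserve the grouping.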
@@ -42,7 +42,7 @@ type pki_ocsp_tomcat_exec_t;
files_type(pki_ocsp_tomcat_exec_t)
pki_ca_template(pki_ocsp)
-
+allow pki_ocsp_t pki_ca_t:process signull;
attribute pki_ra_config;
attribute pki_ra_executable;
@@ -72,7 +72,7 @@ type pki_tks_tomcat_exec_t;
files_type(pki_tks_tomcat_exec_t)
pki_ca_template(pki_tks)
-
+allow pki_tks_t pki_ca_t:process signull;
attribute pki_tps_config;
attribute pki_tps_executable;