Diffstat (limited to 'pki/base')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java | 5 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java | 3 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.fc | 1 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.if | 3 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.te | 8 |
5 files changed, 14 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 0cb7feba6..91bd2a278 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -207,14 +207,17 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String pwd = HttpInput.getPassword(request, "password"); String tokenn = ""; + String instanceRoot = ""; + try { tokenn = config.getString("preop.module.token"); + instanceRoot = config.getString("instanceRoot"); } catch (Exception e) { } if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; - FileInputStream fis = new FileInputStream(path); + FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); while (fis.available() > 0) fis.read(b); fis.close(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index be00bd73c..22472239b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -567,6 +567,9 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString(name, v); } else if (name.startsWith("cloning")) { config.putString(name.replaceFirst("cloning", "preop.cert"), v); } diff --git a/pki/base/selinux/src/pki.fc b/pki/base/selinux/src/pki.fc index 6a8a2abfe..9793383aa 100644 --- a/pki/base/selinux/src/pki.fc +++ b/pki/base/selinux/src/pki.fc 
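Review bot: `path` is concatenated into `instanceRoot + "/alias/" + path` without normalisation, so a value containing `../` still resolves outside the alias directory. Where `path` is assigned is not visible in this hunk, but the password next to it is read from the request, so it should be treated as untrusted until shown otherwise. The empty `catch` also leaves `instanceRoot` as `""` when the config lookup fails, which silently turns the target into `/alias/...` at the filesystem root. I would fail closed on an empty root and compare canonical paths before opening the file, as sketched below; this needs `java.io.File` and `java.io.IOException` in scope, and if subdirectories of `alias` are meant to be allowed the parent comparison should become a prefix check. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: pwd, tokenn and instanceRoot lookup …
if (instanceRoot.length() == 0) {
    throw new IOException("instanceRoot is not configured");
}
File aliasDir = new File(instanceRoot, "alias").getCanonicalFile();
File restoreFile = new File(aliasDir, path).getCanonicalFile();
if (!aliasDir.equals(restoreFile.getParentFile())) {
    throw new IOException("restore file must be located directly in " + aliasDir);
}
FileInputStream fis = new FileInputStream(restoreFile);
// … unchanged: read loop and fis.close() …
```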
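Review bot: The new `cloning.audit_signing.nickname` branch sits ahead of the generic `name.startsWith("cloning")` branch, so this key no longer gets the `preop.cert.` mapping it received before the change, and `preop.cert.audit_signing.nickname` is not written here. The storage branch directly above still writes its `preop.cert.storage.nickname` explicitly, so the difference looks like it could be an omission. If it is intentional, a comment such as `// audit signing: keep the cloning.* key, do not derive preop.cert.* from the master` would stop a later reader from "fixing" it; if not, add `config.putString("preop.cert.audit_signing.nickname", v);`. The enclosing method is outside the hunk, so I cannot see where `v` originates.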
@@ -58,7 +58,6 @@ /var/log/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_log_t,s0) -/usr/sbin/httpd.worker -- gen_context(system_u:object_r:pki_ra_exec_t,s0) /etc/init.d/pki-tps -- gen_context(system_u:object_r:pki_tps_script_exec_t,s0) /etc/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0) /var/lib/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_var_lib_t,s0) diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index 5c2e90d91..fa3ae2360 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -87,9 +87,11 @@ template(`pki_ca_template',` corenet_tcp_bind_all_nodes($1_t) corenet_tcp_bind_ocsp_port($1_t) corenet_tcp_connect_ocsp_port($1_t) + corenet_tcp_connect_generic_port($1_t) # This is for /etc/$1/tomcat.conf: can_exec($1_t, pki_ca_tomcat_exec_t) + allow $1_t $1_tomcat_exec_t:file getattr; # Init script handling domain_use_interactive_fds($1_t) @@ -116,6 +118,7 @@ template(`pki_ca_template',` corecmd_exec_bin($1_t) corecmd_read_bin_symlinks($1_t) corecmd_exec_shell($1_t) + corecmd_search_bin($1_t) dev_list_sysfs($1_t) dev_read_rand($1_t) diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index 71fdc7528..94288188c 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,1.0.1) +policy_module(pki,1.0.2) attribute pki_ca_config; attribute pki_ca_executable; @@ -27,7 +27,7 @@ type pki_kra_tomcat_exec_t; files_type(pki_kra_tomcat_exec_t) pki_ca_template(pki_kra) - +allow pki_kra_t pki_ca_t:process signull; attribute pki_ocsp_config; attribute pki_ocsp_executable; @@ -42,7 +42,7 @@ type pki_ocsp_tomcat_exec_t; files_type(pki_ocsp_tomcat_exec_t) pki_ca_template(pki_ocsp) - +allow pki_ocsp_t pki_ca_t:process signull; attribute pki_ra_config; attribute pki_ra_executable; 
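Review bot: `corenet_tcp_connect_generic_port($1_t)` in the first pki.if hunk is added inside `pki_ca_template`, so every domain instantiated from the template (pki.te shows at least `pki_kra`, `pki_ocsp` and `pki_tks`) can open outbound TCP connections to any port without a specific label. That is a broad grant for certificate-authority processes, and the hunk gives no reason for it. If it exists to reach one known peer service, labelling that port and granting connect on that port type only would keep the policy closer to least privilege. At minimum I would add a comment above the line, for example `# needed for <service> on <port>; narrow once the port is labelled`.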
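Review bot: The `allow pki_kra_t pki_ca_t:process signull;` rule, and the matching rules in the `pki_ocsp` and `pki_tks` hunks, are added without a comment saying which operation sends signal 0 to the CA process. `signull` only permits an existence check, so the exposure is small, but an undocumented cross-domain rule is hard to audit or remove later. I would put one line above each rule, for example `# <component> checks that the CA process is alive (kill -0)`, assuming that is the actual reason. Each rule also replaces the blank line that separated the subsystem sections, so I would keep that blank line after the new rule.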
@@ -72,7 +72,7 @@ type pki_tks_tomcat_exec_t; files_type(pki_tks_tomcat_exec_t) pki_ca_template(pki_tks) - +allow pki_tks_t pki_ca_t:process signull; attribute pki_tps_config; attribute pki_tps_executable; |