From 6e79c7cb922072614155c067e26fab446893bae7 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Mon, 1 Oct 2012 13:55:03 -0400
Subject: add selinux context for pkidaemon, remove unneeded pid and lock code remove runcon from operations, add rules for spawn/destroy, add mgrepl changes to policy
---
 base/deploy/scripts/operations | 51 ++-------------------------------
 base/deploy/src/scriptlets/pkiparser.py | 2 +-
 2 files changed, 4 insertions(+), 49 deletions(-)
 (limited to 'base/deploy')
diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations
index d4c03d084..4716e766f 100644
--- a/base/deploy/scripts/operations
+++ b/base/deploy/scripts/operations
@@ -1220,20 +1220,8 @@ start_instance()
 # of the tomcat init script knows which instance specific
 # configuration file to source.
 export SERVICE_NAME=$PKI_INSTANCE_ID
-
- if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
- # HACKS:
- # (1) MUST eventually replace hard-coded 'pki_ca_script_t'
- # with programmatic replacement of either
- # 'pki_tomcat_script_t' or 'pki_apache_script_t', AND
- # (2) MUST currently be run with SELinux in 'Permissive' mode!
- /usr/bin/runcon -t pki_tomcat_script_t \
- $PKI_INSTANCE_INITSCRIPT start
- rv=$?
- else
- $PKI_INSTANCE_INITSCRIPT start
- rv=$?
- fi
+ $PKI_INSTANCE_INITSCRIPT start
+ rv=$?
 ;;
 apache)
 $PKI_INSTANCE_INITSCRIPT start
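Review bot: With the `runcon -t pki_tomcat_script_t` wrapper gone, nothing in the tomcat branch of start_instance records how the init script reaches its SELinux domain; per the commit message that is now expected to come from policy, which is not part of this diff. A short comment above the call would keep that dependency visible, for example `# SELinux domain transition is provided by policy (see the pki selinux module); no runcon here`. The two added lines also expand the variable unquoted; `"$PKI_INSTANCE_INITSCRIPT" start` is the safer form if the path can ever contain whitespace, although the apache branch below uses the same unquoted style. start_instance begins and ends outside the hunk.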
@@ -1283,36 +1271,6 @@ start_instance()
 return 6
 else
 # 0 success
-
- # Tomcat instances automatically place pid files under
- # '/var/run' and lock files under '/var/lock/subsys'.
- #
- # However, since PKI subsystem instances can have any name,
- # in order to identify the PKI subsystem type of a particular
- # PKI instance, we create a separate "pki subsystem identity"
- # symlink to the PKI instance pid file and place it under
- # '/var/run/pki/', and a separate
- # "pki subsystem identity" symlink to the PKI instance
- # lock file and place it under '/var/lock/pki/'.
- #
- case $PKI_WEB_SERVER_TYPE in
- tomcat)
- if [ -h ${PKI_PIDFILE} ]; then
- rm -f ${PKI_PIDFILE}
- fi
- if [ -f ${TOMCAT_PIDFILE} ]; then
- ln -s ${TOMCAT_PIDFILE} ${PKI_PIDFILE}
- chown -h ${TOMCAT_USER}:${TOMCAT_GROUP} ${PKI_PIDFILE}
- fi
- if [ -h ${PKI_LOCKFILE} ]; then
- rm -f ${PKI_LOCKFILE}
- fi
- if [ -f ${TOMCAT_LOCKFILE} ]; then
- ln -s ${TOMCAT_LOCKFILE} ${PKI_LOCKFILE}
- fi
- ;;
- esac
-
 return 0
 fi
 fi
@@ -1332,12 +1290,9 @@ stop_instance()
 # that were previously associated with the Tomcat 'pid' and 'lock' files.
 case $PKI_WEB_SERVER_TYPE in
 tomcat)
- if [ -h ${PKI_PIDFILE} ]; then
+ if [ -f ${PKI_PIDFILE} ]; then
 rm -f ${PKI_PIDFILE}
 fi
- if [ -h ${PKI_LOCKFILE} ]; then
- rm -f ${PKI_LOCKFILE}
- fi
 ;;
 esac
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index a235c5917..a349436ff 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
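Review bot: In stop_instance the guard changed from `-h` to `-f`, and `[ -f ]` follows symlinks, so a dangling `${PKI_PIDFILE}` symlink left by an installation that predates this commit is no longer removed. Since `rm -f` already tolerates a missing path, the guard can be dropped: a quoted `rm -f "${PKI_PIDFILE}"` covers a regular file and a leftover symlink alike. The `${PKI_LOCKFILE}` cleanup is removed as well, so an old lock symlink would stay behind after an upgrade unless something outside this diff clears it, and the context comment above the `case` still mentions 'lock' files. The function body continues outside the hunk.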
@@ -1259,7 +1259,7 @@ def compose_pki_master_dictionary():
 config.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\
 config.pki_master_dict['pki_instance_log_path']
 config.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\
- "/var/run/" + config.pki_master_dict['pki_instance_id'] + ".pid"
+ "/var/run/pki/tomcat/" + config.pki_master_dict['pki_instance_id'] + ".pid"
 config.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\
 config.pki_master_dict['pki_tomcat_server_port']
 config.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\
-- cgit
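Review bot: The new `TOMCAT_PIDFILE_SLOT` value points into `/var/run/pki/tomcat/`, but nothing visible in this commit creates that directory or sets its owner, mode and SELinux label, so Tomcat would presumably fail to write its PID file on a host where the directory is missing (for instance if `/var/run` is recreated at boot). Whatever step provisions it should keep the directory writable only by the account that writes the PID file, since init scripts typically act on the PID they read back from it. A comment naming where the directory comes from would help, e.g. `# /var/run/pki/tomcat/ is created by <packaging or deployment step>`. The changed line is also longer than 79 columns; wrapping the concatenation in parentheses over two lines would fix that. compose_pki_master_dictionary continues outside the hunk.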