From 5fd74e0e0c9407306e99ef4fd2e776cb911ee94a Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 10 Jul 2012 11:50:59 -0400 Subject: Selinux policy for new configuration. Added tomcat_t for java processes. Added aliases for old types to allow compatibility of existng subsystems. Added install scripts for pkispawn and pkidestroy
--- base/selinux/src/pki.fc | 125 ++++++++++++++---------------------------------- 1 file changed, 37 insertions(+), 88 deletions(-) (limited to 'base/selinux/src/pki.fc')
diff --git a/base/selinux/src/pki.fc b/base/selinux/src/pki.fc
index 3a22d86a4..fbc086fe0 100644
--- a/base/selinux/src/pki.fc
+++ b/base/selinux/src/pki.fc
@@ -1,91 +1,40 @@
-
-/usr/bin/dtomcat5-pki-ca -- gen_context(system_u:object_r:pki_ca_exec_t,s0)
-
-/etc/pki-ca(/.*)? gen_context(system_u:object_r:pki_ca_etc_rw_t,s0)
-/etc/pki-ca/tomcat5.conf -- gen_context(system_u:object_r:pki_ca_tomcat_exec_t,s0)
-
-/var/lib/pki-ca(/.*)? gen_context(system_u:object_r:pki_ca_var_lib_t,s0)
-
-/var/run/pki-ca.pid gen_context(system_u:object_r:pki_ca_var_run_t,s0)
-
-/var/log/pki-ca(/.*)? gen_context(system_u:object_r:pki_ca_log_t,s0)
-
-/usr/bin/dtomcat5-pki-kra -- gen_context(system_u:object_r:pki_kra_exec_t,s0)
-
-/etc/pki-kra(/.*)? gen_context(system_u:object_r:pki_kra_etc_rw_t,s0)
-/etc/pki-kra/tomcat5.conf -- gen_context(system_u:object_r:pki_kra_tomcat_exec_t,s0)
-
-/var/lib/pki-kra(/.*)? gen_context(system_u:object_r:pki_kra_var_lib_t,s0)
-
-/var/run/pki-kra.pid gen_context(system_u:object_r:pki_kra_var_run_t,s0)
-
-/var/log/pki-kra(/.*)? gen_context(system_u:object_r:pki_kra_log_t,s0)
-
-/usr/bin/dtomcat5-pki-ocsp -- gen_context(system_u:object_r:pki_ocsp_exec_t,s0)
-
-/etc/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_ocsp_etc_rw_t,s0)
-/etc/pki-ocsp/tomcat5.conf -- gen_context(system_u:object_r:pki_ocsp_tomcat_exec_t,s0)
-
-/var/lib/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_ocsp_var_lib_t,s0)
-
-/var/run/pki-ocsp.pid gen_context(system_u:object_r:pki_ocsp_var_run_t,s0)
-
-/var/log/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_ocsp_log_t,s0)
-
-/usr/sbin/httpd.worker -- gen_context(system_u:object_r:pki_ra_exec_t,s0)
-/etc/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
-/var/lib/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_var_lib_t,s0)
-/var/log/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_log_t,s0)
-
-
-/usr/bin/dtomcat5-pki-tks -- gen_context(system_u:object_r:pki_tks_exec_t,s0)
-
-/etc/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_etc_rw_t,s0)
-/etc/pki-tks/tomcat5.conf -- gen_context(system_u:object_r:pki_tks_tomcat_exec_t,s0)
-
-/var/lib/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_var_lib_t,s0)
-
-/var/run/pki-tks.pid gen_context(system_u:object_r:pki_tks_var_run_t,s0)
-
-/var/log/pki-tks(/.*)? gen_context(system_u:object_r:pki_tks_log_t,s0)
-
-/etc/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
-/var/lib/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_var_lib_t,s0)
-/var/log/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_log_t,s0)
+/etc/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/lib/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
+/var/run/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
+/var/log/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_log_t,s0)
+/etc/sysconfig/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/log/pki gen_context(system_u:object_r:pki_log_t,s0)
+
+/usr/sbin/httpd.worker -- gen_context(system_u:object_r:pki_ra_exec_t,s0)
+/etc/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
+/var/lib/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_var_lib_t,s0)
+/var/log/pki-ra(/.*)? gen_context(system_u:object_r:pki_ra_log_t,s0)
+/var/run/pki/ra(/.*)? gen_context(system_u:object_r:pki_ra_var_run_t,s0)
+/etc/sysconfig/pki/ra(/.*)? gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
+
+/etc/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
+/var/lib/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_var_lib_t,s0)
+/var/log/pki-tps(/.*)? gen_context(system_u:object_r:pki_tps_log_t,s0)
+/var/run/pki/tps(/.*)? gen_context(system_u:object_r:pki_tps_var_run_t,s0)
+/etc/sysconfig/pki/tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
 # default labeling for nCipher
-/opt/nfast/scripts/init.d/(.*) gen_context(system_u:object_r:initrc_exec_t, s0)
-/opt/nfast/sbin/init.d-ncipher gen_context(system_u:object_r:initrc_exec_t, s0)
-/opt/nfast(/.*)? gen_context(system_u:object_r:pki_common_t, s0)
-/dev/nfast(/.*)? gen_context(system_u:object_r:pki_common_dev_t, s0)
-
-# labeling for new CA under pki-cad
-
-/var/run/pki/ca(/.*)? gen_context(system_u:object_r:pki_ca_var_run_t,s0)
-/etc/sysconfig/pki/ca(/.*)? gen_context(system_u:object_r:pki_ca_etc_rw_t,s0)
-
-# labeling for new KRA under pki-krad
-
-/var/run/pki/kra(/.*)? gen_context(system_u:object_r:pki_kra_var_run_t,s0)
-/etc/sysconfig/pki/kra(/.*)? gen_context(system_u:object_r:pki_kra_etc_rw_t,s0)
-
-# labeling for new OCSP under pki-ocspd
-
-/var/run/pki/ocsp(/.*)? gen_context(system_u:object_r:pki_ocsp_var_run_t,s0)
-/etc/sysconfig/pki/ocsp(/.*)? gen_context(system_u:object_r:pki_ocsp_etc_rw_t,s0)
-
-# labeling for new TKS under pki-tksd
-
-/var/run/pki/tks(/.*)? gen_context(system_u:object_r:pki_tks_var_run_t,s0)
-/etc/sysconfig/pki/tks(/.*)? gen_context(system_u:object_r:pki_tks_etc_rw_t,s0)
-
-# labeling for new RA under pki-rad
-
-/var/run/pki/ra(/.*)? gen_context(system_u:object_r:pki_ra_var_run_t,s0)
-/etc/sysconfig/pki/ra(/.*)? gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
-
-# labeling for new TPS under pki-tpsd
-
-/var/run/pki/tps(/.*)? gen_context(system_u:object_r:pki_tps_var_run_t,s0)
-/etc/sysconfig/pki/tps(/.*)? gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
+/opt/nfast/scripts/init.d/(.*) gen_context(system_u:object_r:initrc_exec_t, s0)
+/opt/nfast/sbin/init.d-ncipher gen_context(system_u:object_r:initrc_exec_t, s0)
+/opt/nfast(/.*)? gen_context(system_u:object_r:pki_common_t, s0)
+/dev/nfast(/.*)? gen_context(system_u:object_r:pki_common_dev_t, s0)
+
+# old paths (for migration)
+/etc/pki-ca(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/lib/pki-ca(/.*)? gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
+/var/run/pki-ca.pid gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
+/var/log/pki-ca(/.*)? gen_context(system_u:object_r:pki_tomcat_log_t,s0)
+/etc/pki-kra(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/lib/pki-kra(/.*)? gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
+/var/run/pki-kra.pid gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
+/var/log/pki-kra(/.*)? gen_context(system_u:object_r:pki_tomcat_log_t,s0)
+/etc/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/lib/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
+/var/run/pki-ocsp.pid gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
+/var/log/pki-ocsp(/.*)? gen_context(system_u:object_r:pki_tomcat_log_t,s0)
-- cgit
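Review bot: The `# old paths (for migration)` block at the end of the hunk re-labels the legacy CA, KRA and OCSP trees into the new pki_tomcat_* types, but the legacy TKS entries removed earlier in the same hunk (`/etc/pki-tks(/.*)?`, `/var/lib/pki-tks(/.*)?`, `/var/run/pki-tks.pid`, `/var/log/pki-tks(/.*)?`) get no replacement, so after a relabel an existing TKS instance would presumably fall back to the generic base-policy labels (etc_t, var_lib_t, var_log_t) and the tomcat domain would be denied access to its own data — unless TKS is being dropped, which the hunk does not say. If TKS is still supported, the four entries below belong in the migration block alongside the CA, KRA and OCSP ones. Separately, `/var/log/pki` is listed without `(/.*)?`, so only the directory itself gets pki_log_t while anything under it other than `tomcat/` keeps the default /var/log label; a short comment would make clear whether that is intended. The merge of pki_ca_*, pki_kra_* and pki_ocsp_* into shared pki_tomcat_* types also means those subsystems' configuration, state and logs are no longer separated by type enforcement, and a comment such as `# CA, KRA and OCSP now share the pki_tomcat_* types; they are no longer isolated from each other by SELinux type` would record that trade-off for the next reviewer.
```selinux
# … unchanged: CA, KRA and OCSP migration entries …
/etc/pki-tks(/.*)?      gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
/var/lib/pki-tks(/.*)?  gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
/var/run/pki-tks.pid    gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
/var/log/pki-tks(/.*)?  gen_context(system_u:object_r:pki_tomcat_log_t,s0)
```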