From 6a891d92d8e741f8d66ea43cefc1c11c69affed4 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Mon, 6 Aug 2012 10:25:23 -0400
Subject: Changed selinux context for legacy instances

In the new selinux policy, pki_ca_t etc. are all replaced by
pki_tomcat_t.  To allow old instances to work under dogtag 10, the
context in the run scripts needs to change.
Also added a rule needed by selinux policy.
---
 base/selinux/src/pki.if | 1 +
 1 file changed, 1 insertion(+)

(limited to 'base/selinux')

diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8f62136d5..b456ac995 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -218,6 +218,7 @@ template(`pki_tomcat_template',`
         kernel_read_kernel_sysctls($1_t)
         selinux_get_enforce_mode($1_t)
         dirsrv_manage_var_lib($1_t)
+        tomcat_search_cache($1_t)
 
         # write to /var/log/pki for spawn and destroy
         allow $1_t pki_log_t:dir {getattr search};
-- 
cgit