path: root/pki/base/selinux/src/pki.te
# SELinux policy module for the Dogtag / Certificate System PKI subsystems.
# Each subsystem (CA, KRA, OCSP, RA, TKS, TPS) is confined in its own domain
# (pki_<sub>_t), instantiated from the templates in pki.if, so that a
# compromised subsystem process is limited to its own files, ports and
# peers rather than to everything labelled "pki".
policy_module(pki,1.0.17)

# ---- CA (certificate authority) -----------------------------------------
# Attributes that the pki_ca_template() expansion attaches its per-subsystem
# types to (config, executables, var/lib, logs, run/pid files, scripts, domain).
attribute pki_ca_config;
attribute pki_ca_executable;
attribute pki_ca_var_lib;
attribute pki_ca_var_log;
attribute pki_ca_var_run;
attribute pki_ca_pidfiles;
attribute pki_ca_script;
attribute pki_ca_process;

# Types shared across subsystems. Which paths carry these labels is decided
# in the file contexts (pki.fc), not here.
type pki_common_t;
files_type(pki_common_t)

type pki_common_dev_t;
files_type(pki_common_dev_t)

# Entry-point type for the CA's tomcat launcher; declared as a plain file
# type here, presumably consumed by pki_ca_template() for the domain
# transition (the transition rule itself is not in this file).
type pki_ca_tomcat_exec_t;
files_type(pki_ca_tomcat_exec_t)

pki_ca_template(pki_ca)
# Outbound only: the CA may connect to the KRA and OCSP ports. The reverse
# direction (KRA/OCSP/TKS -> CA port) is granted per subsystem below.
corenet_tcp_connect_pki_kra_port(pki_ca_t)
corenet_tcp_connect_pki_ocsp_port(pki_ca_t)

# for crl publishing: the CA manages symlinks inside its own var/lib type.
# This is lnk_file create/rename/unlink on pki_ca_var_lib_t only; it does
# not by itself grant access to whatever a link points at.
allow pki_ca_t pki_ca_var_lib_t:lnk_file { rename create unlink };

# for ECC
# NOTE(review): this interface grants getattr (stat) on the shadow file
# type, not read, so no password hashes are exposed. A CA daemon needing to
# stat /etc/shadow is still surprising -- confirm the ECC code path really
# requires it, and drop the rule if it no longer does.
auth_getattr_shadow(pki_ca_t)

# ---- KRA (key recovery authority) ---------------------------------------
attribute pki_kra_config;
attribute pki_kra_executable;
attribute pki_kra_var_lib;
attribute pki_kra_var_log;
attribute pki_kra_var_run;
attribute pki_kra_pidfiles;
attribute pki_kra_script;
attribute pki_kra_process;

type pki_kra_tomcat_exec_t;
files_type(pki_kra_tomcat_exec_t)

# The KRA reuses the CA template (same tomcat-based layout) and is only
# allowed to connect back to the CA port.
pki_ca_template(pki_kra)
corenet_tcp_connect_pki_ca_port(pki_kra_t)

# ---- OCSP responder -----------------------------------------------------
attribute pki_ocsp_config;
attribute pki_ocsp_executable;
attribute pki_ocsp_var_lib;
attribute pki_ocsp_var_log;
attribute pki_ocsp_var_run;
attribute pki_ocsp_pidfiles;
attribute pki_ocsp_script;
attribute pki_ocsp_process;

type pki_ocsp_tomcat_exec_t;
files_type(pki_ocsp_tomcat_exec_t)

# Same pattern as the KRA: CA template, client access to the CA port only.
pki_ca_template(pki_ocsp)
corenet_tcp_connect_pki_ca_port(pki_ocsp_t)

# ---- RA (registration authority) ----------------------------------------
attribute pki_ra_config;
attribute pki_ra_executable;
attribute pki_ra_var_lib;
attribute pki_ra_var_log;
attribute pki_ra_var_run;
attribute pki_ra_pidfiles;
attribute pki_ra_script;
attribute pki_ra_process;

# NOTE(review): a *_tomcat_exec_t type is declared for the RA even though it
# uses its own pki_ra_template() rather than the CA/tomcat one; whether the
# template consumes this type is not visible in this file.
type pki_ra_tomcat_exec_t;
files_type(pki_ra_tomcat_exec_t)

# No corenet connect rules for the RA appear here; any network access it
# has must come from pki_ra_template() itself.
pki_ra_template(pki_ra)

# ---- TKS (token key service) --------------------------------------------
attribute pki_tks_config;
attribute pki_tks_executable;
attribute pki_tks_var_lib;
attribute pki_tks_var_log;
attribute pki_tks_var_run;
attribute pki_tks_pidfiles;
attribute pki_tks_script;
attribute pki_tks_process;

type pki_tks_tomcat_exec_t;
files_type(pki_tks_tomcat_exec_t)

pki_ca_template(pki_tks)
corenet_tcp_connect_pki_ca_port(pki_tks_t)

# needed for token enrollment, list /var/cache/tomcat5/temp
# NOTE(review): files_list_var() is broader than the path in the comment
# suggests -- it allows listing every directory carrying the generic var
# type, not just the tomcat temp dir. If the base policy offers an
# interface scoped to the tomcat/cache directory type, prefer that.
files_list_var(pki_tks_t)

# ---- TPS (token processing system) --------------------------------------
attribute pki_tps_config;
attribute pki_tps_executable;
attribute pki_tps_var_lib;
attribute pki_tps_var_log;
attribute pki_tps_var_run;
attribute pki_tps_pidfiles;
attribute pki_tps_script;
attribute pki_tps_process;

# Same caveat as for the RA: declared here, but the TPS uses its own
# pki_tps_template(), so check that template before relying on this type.
type pki_tps_tomcat_exec_t;
files_type(pki_tps_tomcat_exec_t)

pki_tps_template(pki_tps)

#interprocess communication on process shutdown
# Each tomcat-based domain (CA, KRA, OCSP, TKS) may send signull -- an
# existence check that delivers no signal -- to the others. No kill, term
# or other signal permission is granted, so one subsystem cannot stop
# another. The RA and TPS domains are not part of this mesh; whether that
# is intentional is not visible here.
allow pki_ca_t pki_kra_t:process signull;
allow pki_ca_t pki_ocsp_t:process signull;
allow pki_ca_t pki_tks_t:process signull;

allow pki_kra_t pki_ca_t:process signull;
allow pki_kra_t pki_ocsp_t:process signull;
allow pki_kra_t pki_tks_t:process signull;

allow pki_ocsp_t pki_ca_t:process signull;
allow pki_ocsp_t pki_kra_t:process signull;
allow pki_ocsp_t pki_tks_t:process signull;

allow pki_tks_t pki_ca_t:process signull;
allow pki_tks_t pki_kra_t:process signull;
allow pki_tks_t pki_ocsp_t:process signull;

# NOTE(review): dead rules left commented out. The second one pairs a file
# type (pki_tks_var_lib_t, used above as a lnk_file/file target) with the
# process class, so it could never have been valid -- remove both rather
# than keep them as a hint that httpd_t should be wired in.
#allow httpd_t pki_tks_tomcat_exec_t:process signull;
#allow httpd_t pki_tks_var_lib_t:process signull;