Bug 506378
Summary: | additional selinux rule for tps | | |
---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Chandrasekar Kannan <ckannan> |
Component: | SELinux | Assignee: | Ade Lee <alee> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | awnuk, benl, cfu, dlackey, jmagne, mharmsen |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2009-07-22 23:36:35 UTC | Type: | --- |
Bug Blocks: | 443788 |
Description
Chandrasekar Kannan
2009-06-17 00:03:19 UTC
Index: dogtag/selinux/pki-selinux.spec =================================================================== --- dogtag/selinux/pki-selinux.spec (revision 619) +++ dogtag/selinux/pki-selinux.spec (working copy) @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.1.0 -%define base_release 8 +%define base_release 9 %define base_group System Environment/Shells %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -249,6 +249,8 @@ ############################################################################### %changelog +* Wed Jun 17 2009 Ade Lee <alee> 1.1.0-9 +- Bugzilla Bug 506387 and 506133 - ECC and messages for tps * Mon Jun 15 2009 Ade Lee <alee> 1.1.0-8 - Bugzilla Bug 504765 - more selinux messages when restarting RA * Tue Jun 9 2009 Ade Lee <alee> 1.1.0-7 Index: base/selinux/src/pki.if =================================================================== --- base/selinux/src/pki.if (revision 619) +++ base/selinux/src/pki.if (working copy) @@ -492,8 +492,8 @@ allow pki_tps_t lib_t:file execute_no_trans; #fowner needed for chmod - allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner fsetid}; - allow pki_tps_t self:process { setsched signal getsched signull execstack execmem}; + allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner fsetid kill}; + allow pki_tps_t self:process { setsched signal getsched signull execstack execmem sigkill}; allow pki_tps_t self:sem all_sem_perms; allow pki_tps_t self:tcp_socket create_stream_socket_perms; Index: base/selinux/src/pki.te =================================================================== --- base/selinux/src/pki.te (revision 619) +++ base/selinux/src/pki.te (working copy) @@ -1,4 +1,4 @@ -policy_module(pki,1.0.10) +policy_module(pki,1.0.11) attribute pki_ca_config; attribute pki_ca_executable; 
@@ -25,6 +25,9 @@ # for crl publishing allow pki_ca_t pki_ca_var_lib_t:lnk_file { rename create unlink }; +# for ECC +auth_getattr_shadow(pki_ca_t) + attribute pki_kra_config; attribute pki_kra_executable; attribute pki_kra_var_lib;

[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug 506387 and 506133 - ECC and messages for tps"
Sending base/selinux/src/pki.if
Sending base/selinux/src/pki.te
Sending dogtag/selinux/pki-selinux.spec
Transmitting file data ...
Committed revision 620.

Verified. I installed/configured pki-tps on a new build and verified the audit log. Haven't seen it here. Chandra: you may have encountered these when configured nethsm/luna? Do you want to confirm or shall I close it as "Verified"?
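Review bot: the %changelog entry added in dogtag/selinux/pki-selinux.spec (hunk @@ -249,6 +249,8 @@) cites "Bugzilla Bug 506387", but this report is Bug 506378, and the svn commit message repeats 506387. If that is a digit transposition, correct the number in the changelog so the 1.1.0-9 entry points back to the report that carries the patch and its verification.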
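Review bot: in the base/selinux/src/pki.if hunk (@@ -492,8 +492,8 @@), the two changed allow lines give pki_tps_t the `kill` capability and the `sigkill` process permission without a comment naming the TPS operation that needs them, while the line just above documents its own addition ("#fowner needed for chmod"). The two grants are not equivalent: `self:process sigkill` covers sending SIGKILL to processes in the same domain, whereas `self:capability kill` also lifts the ownership check on signal delivery. Suggest recording the AVC denial that motivated each one in a comment, and keeping `kill` only if a denial for the capability itself was logged.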
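Review bot: the `auth_getattr_shadow(pki_ca_t)` line added in base/selinux/src/pki.te (hunk @@ -25,6 +25,9 @@) is justified only by "# for ECC", which does not say why the CA domain needs getattr on the shadow file, and the bug summary concerns tps while this rule is granted to pki_ca_t. If the access is an incidental stat that the CA does not depend on, `auth_dontaudit_getattr_shadow(pki_ca_t)` would quiet the audit message without granting the permission; otherwise expand the comment to name the component that triggers it.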