Bug 506378
| Summary: | additional selinux rule for tps | ||
|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Chandrasekar Kannan <ckannan> |
| Component: | SELinux | Assignee: | Ade Lee <alee> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | awnuk, benl, cfu, dlackey, jmagne, mharmsen |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-07-22 23:36:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 443788 | ||
|
Description
Chandrasekar Kannan
2009-06-17 00:03:19 UTC
Index: dogtag/selinux/pki-selinux.spec
===================================================================
--- dogtag/selinux/pki-selinux.spec (revision 619)
+++ dogtag/selinux/pki-selinux.spec (working copy)
@@ -33,7 +33,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.1.0
-%define base_release 8
+%define base_release 9
%define base_group System Environment/Shells
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -249,6 +249,8 @@
###############################################################################
%changelog
+* Wed Jun 17 2009 Ade Lee <alee> 1.1.0-9
+- Bugzilla Bug 506387 and 506133 - ECC and messages for tps
* Mon Jun 15 2009 Ade Lee <alee> 1.1.0-8
- Bugzilla Bug 504765 - more selinux messages when restarting RA
* Tue Jun 9 2009 Ade Lee <alee> 1.1.0-7
Index: base/selinux/src/pki.if
===================================================================
--- base/selinux/src/pki.if (revision 619)
+++ base/selinux/src/pki.if (working copy)
@@ -492,8 +492,8 @@
allow pki_tps_t lib_t:file execute_no_trans;
#fowner needed for chmod
- allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner fsetid};
- allow pki_tps_t self:process { setsched signal getsched signull execstack execmem};
+ allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner fsetid kill};
+ allow pki_tps_t self:process { setsched signal getsched signull execstack execmem sigkill};
allow pki_tps_t self:sem all_sem_perms;
allow pki_tps_t self:tcp_socket create_stream_socket_perms;
Index: base/selinux/src/pki.te
===================================================================
--- base/selinux/src/pki.te (revision 619)
+++ base/selinux/src/pki.te (working copy)
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.10)
+policy_module(pki,1.0.11)
attribute pki_ca_config;
attribute pki_ca_executable;
@@ -25,6 +25,9 @@
# for crl publishing
allow pki_ca_t pki_ca_var_lib_t:lnk_file { rename create unlink };
+# for ECC
+auth_getattr_shadow(pki_ca_t)
+
attribute pki_kra_config;
attribute pki_kra_executable;
attribute pki_kra_var_lib;
[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug 506387 and 506133 - ECC and messages for tps" Sending base/selinux/src/pki.if Sending base/selinux/src/pki.te Sending dogtag/selinux/pki-selinux.spec Transmitting file data ... Committed revision 620. Verified. I installed/configured pki-tps on a new build and verified the audit log. Haven't seen it here. Chandra: you may have encountered these when configured nethsm/luna ?? Do you want to confirm or shall I close it as "Verified"" |