Bug 524068
| Summary: | new rules needed for AVC denials for TPS and RA on FC11 | ||
|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Ade Lee <alee> |
| Component: | SELinux | Assignee: | Ade Lee <alee> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 1.2 | CC: | awnuk, benl, cfu, dlackey, jmagne, mharmsen |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-27 07:15:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 445047 | ||
|
Description
Ade Lee
2009-09-17 18:43:49 UTC
Modified: trunk/pki/base/selinux/src/pki.if
===================================================================
--- trunk/pki/base/selinux/src/pki.if 2009-09-03 18:54:29 UTC (rev 790)
+++ trunk/pki/base/selinux/src/pki.if 2009-09-17 18:45:54 UTC (rev 791)
@@ -482,7 +482,7 @@
allow pki_tps_t httpd_config_t:file { read getattr execute };
allow pki_tps_t httpd_exec_t:file entrypoint;
allow pki_tps_t httpd_modules_t:lnk_file read;
- allow pki_tps_t httpd_suexec_exec_t:file getattr;
+ allow pki_tps_t httpd_suexec_exec_t:file { getattr read execute };
# apache permissions
apache_exec_modules(pki_tps_t)
@@ -653,7 +653,7 @@
allow pki_ra_t httpd_config_t:file { read getattr execute };
allow pki_ra_t httpd_exec_t:file entrypoint;
allow pki_ra_t httpd_modules_t:lnk_file read;
- allow pki_ra_t httpd_suexec_exec_t:file getattr;
+ allow pki_ra_t httpd_suexec_exec_t:file { getattr read execute };
#apache permissions
apache_read_config(pki_ra_t)
Modified: trunk/pki/base/selinux/src/pki.te
===================================================================
--- trunk/pki/base/selinux/src/pki.te 2009-09-03 18:54:29 UTC (rev 790)
+++ trunk/pki/base/selinux/src/pki.te 2009-09-17 18:45:54 UTC (rev 791)
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.13)
+policy_module(pki,1.0.14)
attribute pki_ca_config;
attribute pki_ca_executable;
Modified: trunk/pki/dogtag/selinux/pki-selinux.spec
===================================================================
--- trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-03 18:54:29 UTC (rev 790)
+++ trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-17 18:45:54 UTC (rev 791)
@@ -33,7 +33,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.2.0
-%define base_release 2
+%define base_release 3
%define base_group System Environment/Shells
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -249,6 +249,8 @@
###############################################################################
%changelog
+* Wed Sep 16 2009 Ade Lee <alee> 1.2.0-3
+- Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11
* Mon Aug 24 2009 Ade Lee <alee> 1.2.0-2
- Bugzilla Bug 514520 - Build of pki-selinux 1.2.0 component fails on fc11
* Tue Jul 28 2009 Matthew Harmsen <mharmsen> 1.2.0-1
[builder@dhcp231-70 pki]$ svn ci -m "Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11"
Sending pki/base/selinux/src/pki.if
Sending pki/base/selinux/src/pki.te
Sending pki/dogtag/selinux/pki-selinux.spec
Transmitting file data .
Committed revision 791.
|