Bug 524068
Summary: | new rules needed for AVC denials for TPS and RA on FC11 | | |
---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Ade Lee <alee> |
Component: | SELinux | Assignee: | Ade Lee <alee> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | low | Version: | 1.2 |
CC: | awnuk, benl, cfu, dlackey, jmagne, mharmsen | | |
Target Milestone: | --- | Target Release: | --- |
Hardware: | All | OS: | Linux |
Whiteboard: | | | |
Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2012-03-27 07:15:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | Bug Blocks: | 445047 |
Description
Ade Lee
2009-09-17 18:43:49 UTC
Modified: trunk/pki/base/selinux/src/pki.if =================================================================== --- trunk/pki/base/selinux/src/pki.if 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/base/selinux/src/pki.if 2009-09-17 18:45:54 UTC (rev 791) @@ -482,7 +482,7 @@ allow pki_tps_t httpd_config_t:file { read getattr execute }; allow pki_tps_t httpd_exec_t:file entrypoint; allow pki_tps_t httpd_modules_t:lnk_file read; - allow pki_tps_t httpd_suexec_exec_t:file getattr; + allow pki_tps_t httpd_suexec_exec_t:file { getattr read execute }; # apache permissions apache_exec_modules(pki_tps_t) @@ -653,7 +653,7 @@ allow pki_ra_t httpd_config_t:file { read getattr execute }; allow pki_ra_t httpd_exec_t:file entrypoint; allow pki_ra_t httpd_modules_t:lnk_file read; - allow pki_ra_t httpd_suexec_exec_t:file getattr; + allow pki_ra_t httpd_suexec_exec_t:file { getattr read execute }; #apache permissions apache_read_config(pki_ra_t) Modified: trunk/pki/base/selinux/src/pki.te =================================================================== --- trunk/pki/base/selinux/src/pki.te 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/base/selinux/src/pki.te 2009-09-17 18:45:54 UTC (rev 791) @@ -1,4 +1,4 @@ -policy_module(pki,1.0.13) +policy_module(pki,1.0.14) attribute pki_ca_config; attribute pki_ca_executable; Modified: trunk/pki/dogtag/selinux/pki-selinux.spec =================================================================== --- trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-17 18:45:54 UTC (rev 791) @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.2.0 -%define base_release 2 +%define base_release 3 %define base_group System Environment/Shells %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions 
@@ -249,6 +249,8 @@ ############################################################################### %changelog +* Wed Sep 16 2009 Ade Lee <alee> 1.2.0-3 +- Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11 * Mon Aug 24 2009 Ade Lee <alee> 1.2.0-2 - Bugzilla Bug 514520 - Build of pki-selinux 1.2.0 component fails on fc11 * Tue Jul 28 2009 Matthew Harmsen <mharmsen> 1.2.0-1 [builder@dhcp231-70 pki]$ svn ci -m "Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11" Sending pki/base/selinux/src/pki.if Sending pki/base/selinux/src/pki.te Sending pki/dogtag/selinux/pki-selinux.spec Transmitting file data . Committed revision 791. |
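Review bot: In the pki_tps_t hunk of pki.if (@@ -482), the rule widens from `getattr` to `{ getattr read execute }` on httpd_suexec_exec_t with no comment and no AVC denial text to justify it, and no execute_no_trans rule or domain transition appears in the visible lines. Please attach the denials from the audit log to this bug and add a one-line comment above the rule naming the operation that needs it. If the TPS process only checks the suexec binary at startup and never runs it, consider whether `execute` can be dropped or the access handled more narrowly. The following lines already use an apache_* interface (`apache_exec_modules(pki_tps_t)`), so if the Apache policy module exports a suitable interface for suexec, calling it would be preferable to an allow rule that names the Apache type directly.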
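Review bot: The pki_ra_t hunk of pki.if (@@ -653) repeats the pki_tps_t change verbatim, `allow pki_ra_t httpd_suexec_exec_t:file { getattr read execute };`, so the two subsystems now carry a duplicated rule that has to be kept in sync by hand. Since pki.if is an interface file, consider moving the shared Apache rules (this line and the unchanged httpd_config_t, httpd_exec_t and httpd_modules_t lines around it) into one template that takes the domain as its parameter, so a later tightening or widening is applied to TPS and RA together. The summary says the denials were seen for both TPS and RA; it would help to confirm in the bug that the RA denial was actually observed rather than assumed to match.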
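Review bot: The new %changelog entry in pki-selinux.spec (@@ -249) is dated `Wed Sep 16 2009`, but the diff headers for this revision are stamped 2009-09-17 18:45:54 UTC (rev 791); please align the entry with the commit date or note that the change was prepared a day earlier. The entry text, "rules needed for pki-tps and pki-ra startup on fc11", also does not say which access was added. Naming the type and permissions (httpd_suexec_exec_t, read and execute) would make the changelog useful to someone auditing what release 1.2.0-3 allows compared with 1.2.0-2.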