Description of problem:
Further inspection determined that the TPS and RA subsystems actually started in uncontained mode - meaning that the selinux policies for TPS and RA originally delivered were not used. The init scripts need to be changed, and the selinux profiles modified so that the TPS and RA subsystems start up and install correctly.

Also, the RA and TPS subsystems appear to require the use of rpm -- this is a dependency that is unnecessary, and appears to result from a call to pkidist. pkidist needs to be modified to no longer use rpm.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Created attachment 331397
patch to fix

mharmsen, please review

Created attachment 331599
patch to fix native-tools

As pointed out by mharmsen, slightly different sed line needed in native tools.

mharmsen, please review.

attachment (id=331397)
attachment (id=331599)

+mharmsen

* you will also need to update the native-tools, selinux, ra, and tps release numbers and changelogs in their associated dogtag spec files with this bug; no need to make extra attachments

[builder@dhcp231-124 dogtag]$ svn ci -m "Bugzilla 484826" selinux tps ra native-tools
Sending native-tools/pki-native-tools.spec
Sending ra/pki-ra.spec
Sending selinux/pki-selinux.spec
Sending tps/pki-tps.spec
Transmitting file data ....
Committed revision 223.

[builder@oliver base]$ svn ci -m "Bugzilla 464826"
Sending native-tools/setup_package
Sending ra/etc/init.d/httpd
Sending selinux/src/pki.if
Sending selinux/src/pki.te
Sending tps/etc/init.d/httpd
Transmitting file data .....
Committed revision 222.

[root@qe-blade-11 tmp]# ps -eZ | grep pki
root:system_r:pki_tps_t 9755 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 9764 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 9777 ? 6-20:23:28 httpd.worker
root:system_r:pki_tps_t 15537 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 15546 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 15559 ? 1-02:34:32 httpd.worker
root:system_r:pki_ca_t 17381 ? 00:00:09 java
root:system_r:pki_kra_t 18570 ? 00:00:03 java
root:system_r:pki_ocsp_t 19589 ? 00:00:03 java
root:system_r:pki_tks_t 20590 ? 00:00:03 java
root:system_r:pki_tps_t 21489 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 21498 ? 00:00:00 nss_pcache
root:system_r:pki_tps_t 21511 ? 19:26:40 httpd.worker
root:system_r:pki_ra_t 22126 pts/0 00:00:00 nss_pcache
root:system_r:pki_ra_t 22135 pts/0 00:00:00 nss_pcache
root:system_r:pki_ra_t 22136 ? 00:00:00 httpd.worker
root:system_r:pki_ra_t 22148 ? 00:00:00 httpd.worker
root:system_r:pki_tps_t 24806 pts/0 00:00:00 nss_pcache
root:system_r:pki_tps_t 24815 pts/0 00:00:00 nss_pcache
root:system_r:pki_tps_t 24816 ? 00:00:00 httpd.worker
root:system_r:pki_tps_t 24828 ? 00:00:00 httpd.worker
root:system_r:pki_ca_t 27665 ? 00:00:05 java

processes not running unconfined, no selinux messages on install and configuration of any subsystem

Verified
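
The verification step in the last comment, turned into a repeatable check, as an added example that is not part of the original bug report or the project's code. Assumptions: the function name `check_pki_domains`, the `pki_*_t` type pattern and the three command names are taken from the listing above, the host runs no non-PKI processes under those command names, and the sample rows with `initrc_t` and `unconfined_t` are constructed.

```shell
#!/bin/sh
# Added example: flag PKI-related processes whose SELinux type is not pki_*_t.
# Input:  `ps -eZ` output on stdin (columns: LABEL PID TTY TIME CMD).
# Output: one "PID CMD TYPE" line per offending process.
# Status: 0 if every matching process is in a pki_*_t domain, 1 otherwise.
check_pki_domains() {
    awk '
        BEGIN         { bad = 0 }
        $1 == "LABEL" { next }            # skip the ps header row if present
        NF < 5        { next }            # skip rows missing a column
        # Command names seen in the listing (assumption: PKI-only on this host)
        $NF ~ /^(httpd\.worker|nss_pcache|java)$/ {
            n = split($1, ctx, ":")       # context is user:role:type[:level]
            dom = (n >= 3) ? ctx[3] : "unknown"
            if (dom !~ /^pki_[a-z]+_t$/) {
                print $2, $NF, dom
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: the first three rows are copied from the listing above;
# the last two are invented rows whose type is outside pki_*_t.
sample_ps() {
    cat <<'EOF'
LABEL PID TTY TIME CMD
root:system_r:pki_tps_t 24816 ? 00:00:00 httpd.worker
root:system_r:pki_ra_t 22136 ? 00:00:00 httpd.worker
root:system_r:pki_ca_t 27665 ? 00:00:05 java
root:system_r:initrc_t 30001 ? 00:00:00 httpd.worker
root:system_r:unconfined_t 30002 pts/0 00:00:00 nss_pcache
EOF
}

# Demo on the constructed sample; on a live host use: ps -eZ | check_pki_domains
sample_ps | check_pki_domains || echo "PKI processes outside pki_*_t found"
```
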