Description of problem: new rules needed for AVC denials for TPS and RA on FC11 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Modified: trunk/pki/base/selinux/src/pki.if =================================================================== --- trunk/pki/base/selinux/src/pki.if 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/base/selinux/src/pki.if 2009-09-17 18:45:54 UTC (rev 791) @@ -482,7 +482,7 @@ allow pki_tps_t httpd_config_t:file { read getattr execute }; allow pki_tps_t httpd_exec_t:file entrypoint; allow pki_tps_t httpd_modules_t:lnk_file read; - allow pki_tps_t httpd_suexec_exec_t:file getattr; + allow pki_tps_t httpd_suexec_exec_t:file { getattr read execute }; # apache permissions apache_exec_modules(pki_tps_t) @@ -653,7 +653,7 @@ allow pki_ra_t httpd_config_t:file { read getattr execute }; allow pki_ra_t httpd_exec_t:file entrypoint; allow pki_ra_t httpd_modules_t:lnk_file read; - allow pki_ra_t httpd_suexec_exec_t:file getattr; + allow pki_ra_t httpd_suexec_exec_t:file { getattr read execute }; #apache permissions apache_read_config(pki_ra_t) Modified: trunk/pki/base/selinux/src/pki.te =================================================================== --- trunk/pki/base/selinux/src/pki.te 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/base/selinux/src/pki.te 2009-09-17 18:45:54 UTC (rev 791) @@ -1,4 +1,4 @@ -policy_module(pki,1.0.13) +policy_module(pki,1.0.14) attribute pki_ca_config; attribute pki_ca_executable; Modified: trunk/pki/dogtag/selinux/pki-selinux.spec =================================================================== --- trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-03 18:54:29 UTC (rev 790) +++ trunk/pki/dogtag/selinux/pki-selinux.spec 2009-09-17 18:45:54 UTC (rev 791) @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.2.0 -%define base_release 2 +%define base_release 3 %define base_group System Environment/Shells %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -249,6 +249,8 @@ ############################################################################### %changelog +* Wed Sep 16 2009 Ade Lee <alee> 1.2.0-3 +- Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11 * Mon Aug 24 2009 Ade Lee <alee> 1.2.0-2 - Bugzilla Bug 514520 - Build of pki-selinux 1.2.0 component fails on fc11 * Tue Jul 28 2009 Matthew Harmsen <mharmsen> 1.2.0-1 [builder@dhcp231-70 pki]$ svn ci -m "Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11" Sending pki/base/selinux/src/pki.if Sending pki/base/selinux/src/pki.te Sending pki/dogtag/selinux/pki-selinux.spec Transmitting file data . Committed revision 791.