700505 – pki tomcat6 instances currently running unconfined

Bug 700505 - pki tomcat6 instances currently running unconfined

Summary: pki tomcat6 instances currently running unconfined

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	SELinux
Sub Component:
Version:	9.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Ade Lee
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	530474 700522 732064 732084
TreeView+	depends on / blocked

Reported:	2011-04-28 14:46 UTC by Ade Lee
Modified:	2020-03-27 18:34 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	700522 (view as bug list)
Environment:
Last Closed:	2020-03-27 18:34:50 UTC

Attachments	(Terms of Use)
patch to fix (9.48 KB, patch) 2011-08-09 15:40 UTC, Ade Lee	mharmsen: review+	Details \| Diff
patch to make sure server comes up when selinux disabled (838 bytes, patch) 2011-08-15 20:32 UTC, Ade Lee	awnuk: review+	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description Ade Lee 2011-04-28 14:46:21 UTC

Description of problem:

Due to changes in the startup scripts, pki tomcat6 instances (on tip and on ipa branch) currently run unconfined.  That is, the pki selinux policy is present but is not being used.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 3 Ade Lee 2011-08-09 15:40:23 UTC

Created attachment 517433 [details]
patch to fix

Comment 4 Ade Lee 2011-08-09 17:26:48 UTC

tip: 

[vakwetu@dhcp231-121 base]$ svn ci -m "Resolves #700505 - pki tomcat6 instances currently running unconfined"
Sending        base/common/scripts/functions
Sending        base/selinux/src/pki.fc
Sending        base/selinux/src/pki.if
Sending        base/selinux/src/pki.te
Transmitting file data ....
Committed revision 2127.

Comment 5 Ade Lee 2011-08-15 20:32:11 UTC

Created attachment 518327 [details]
patch  to make sure server comes up when selinux disabled

Comment 6 Ade Lee 2011-08-15 20:47:46 UTC

tip:

[vakwetu@dhcp231-121 base]$ svn ci -m "Resolves #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled"
Sending        base/common/scripts/functions
Transmitting file data .
Committed revision 2146.

Note You need to log in before you can comment on or make changes to this bug.