Description of problem:
I've just committed support for systemd into mod_ssl (see Bug #707917). When started, httpd now executes /usr/libexec/httpd-ssl-pass-dialog if SSL certificates are encrypted to get the password.
I would like to have this behaviour added in selinux-policy in rawhide.
I'm attaching messages that are generated after applying this change in F15 (I don't have any rawhide machine just now. I hope it's not a problem, because I presume it should be the same in rawhide).
Created attachment 517522
Well, first off, how was /etc/localtime created? It has the wrong label on it.
When httpd starts it executes /usr/libexec/http-ssl-pass-dialog?
I think we need to add policy to this application, and should not add policy for all of httpd_t.
Yes, httpd will execute that script when mod_ssl needs to prompt for a password to unlock a private key.
Traditionally httpd has simply prompted on the console for the password, but with systemd that no longer works as it won't have a terminal to prompt on.
So the default configuration has been changed so it runs that script when it needs a password, and that script runs /bin/systemd-ask-password which does the necessary magic to prompt the user for a password in an appropriate way.
I know the fix for this is already in rawhide. Would it be possible to include it also in F16? I would like to include my mod_ssl change in F16.
Should be there also because we have Rawhide == F16.