Description of problem: I've just committed support for systemd into mod_ssl (see Bug #707917). When started, httpd now executes /usr/libexec/httpd-ssl-pass-dialog if SSL certificates are encrypted to get the password. I would like to have this behaviour added in selinux-policy in rawhide.
Actual results: I'm attaching messages that are generated after applying this change in F15 (I don't have any rawhide machine just now. I hope it's not a problem, because I presume it should be the same in rawhide).
Created attachment 517522: audit log
Well, first off, how was /etc/localtime created? It has the wrong label on it.
restorecon /etc/localtime
When httpd starts it executes /usr/libexec/http-ssl-pass-dialog? I think we need to add policy to this application, and should not add policy for all of httpd_t.
Yes, httpd will execute that script when mod_ssl needs to prompt for a password to unlock a private key. Traditionally httpd has simply prompted on the console for the password, but with systemd that no longer works as it won't have a terminal to prompt on. So the default configuration has been changed so it runs that script when it needs a password, and that script runs /bin/systemd-ask-password which does the necessary magic to prompt the user for a password in an appropriate way.
I know the fix for this is already in rawhide. Would it be possible to include it also in F16? I would like to include my mod_ssl change in F16.
Should be there also because we have Rawhide == F16.