<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 08/22/12 19:51, Ade Lee wrote:<br>
</div>
<blockquote cite="mid:1345690298.2539.17.camel@aleeredhat.laptop"
type="cite">
<pre wrap="">The last selinux changes checked into dogtag 9 resolved the following
bug for f17:
BZ 841966 : latest selinux policy fix breaks dogtag
Unfortunately, it also broke the pki-selinux policy in f16.
The following patches address this. They should be applied in order
(49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a
new patch that will be applied to the pki-selinux code for f17 only.
The new patch has already been uploaded, so you should be able to build.
Please review,
Thanks,
Ade
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<tt>ACK - because Failures alluded to below were deemed as to not be
caused by these patches.<br>
<br>
Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and
TPS instances on 64-bit Fedora 16 running SELinux in Enforcing
mode:<br>
<br>
</tt>
<ul>
<li><tt>Successfully restarted CA</tt></li>
<ul>
<li><tt>Successfully requested, approved, and issued a
certificate on the CA</tt></li>
</ul>
<li><tt>Successfully restarted KRA</tt></li>
<ul>
<li><tt>Successfully archived a certificate's keys on the KRA</tt></li>
</ul>
<li><tt>Successfully restarted OCSP</tt></li>
<li><tt>Successfully restarted RA</tt></li>
<li><tt>Successfully restarted TKS</tt></li>
<li><tt>Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:</tt></li>
<ul>
<li><tt>selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to</tt></li>
<li><tt>selftests.container.order.startup=TPSPresence:critical</tt></li>
<li><tt>Failure was believed to NOT be related to these patches
as this appears to crash TKS as well</tt></li>
</ul>
<li><tt>Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:</tt></li>
<ul>
<li><tt>selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to</tt></li>
<li><tt>selftests.container.order.startup=SystemCertsVerification:critical</tt></li>
<li><tt>Failure was believed to NOT be related to these patches</tt></li>
</ul>
</ul>
<tt><br>
Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS
instances on 64-bit Fedora 17 running SELinux in Enforcing mode:<br>
<br>
</tt>
<ul>
<li><tt>Successfully restarted KRA</tt></li>
<ul>
<li><tt>Successfully archived a certificate's keys on the KRA</tt></li>
</ul>
<li><tt>Successfully restarted OCSP</tt></li>
<ul>
<li><tt>Successfully restarted RA</tt></li>
</ul>
<li><tt>Successfully restarted TKS</tt></li>
<li><tt>Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:</tt></li>
<ul>
<li><tt>selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to</tt></li>
<li><tt>selftests.container.order.startup=TPSPresence:critical</tt></li>
<li><tt>Failure was believed to NOT be related to these patches
as this appears to crash TKS as well</tt></li>
</ul>
<li><tt>Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:</tt></li>
<ul>
<li><tt>selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to</tt></li>
<li><tt>selftests.container.order.startup=SystemCertsVerification:critical</tt></li>
<li><tt>Failure was believed to NOT be related to these patches</tt></li>
</ul>
</ul>
<br>
</body>
</html>