<html> <head> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">On 08/22/12 19:51, Ade Lee wrote: </div> <blockquote cite="mid:1345690298.2539.17.camel@aleeredhat.laptop" type="cite"> <pre wrap="">The last selinux changes checked into dogtag 9 resolved the following bug for f17: BZ 841966 : latest selinux policy fix breaks dogtag Unfortunately, it also broke the pki-selinux policy in f16. The following patches address this. They should be applied in order (49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a new patch that will be applied to the pki-selinux code for f17 only. The new patch has already been uploaded, so you should be able to build. Please review, Thanks, Ade </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Pki-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre> </blockquote> <tt>ACK - because Failures alluded to below were deemed as to not be caused by these patches. Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and TPS instances on 64-bit Fedora 16 running SELinux in Enforcing mode: </tt> <ul> <li><tt>Successfully restarted CA</tt></li> <ul> <li><tt>Successfully requested, approved, and issued a certificate on the CA</tt></li> </ul> <li><tt>Successfully restarted KRA</tt></li> <ul> <li><tt>Successfully archived a certificate's keys on the KRA</tt></li> </ul> <li><tt>Successfully restarted OCSP</tt></li> <li><tt>Successfully restarted RA</tt></li> <li><tt>Successfully restarted TKS</tt></li> <li><tt>Successfully restarted TPS after changing '/var/lib/pki-tps/conf/CS.cfg' from:</tt></li> <ul> <li><tt>selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to</tt></li> <li><tt>selftests.container.order.startup=TPSPresence:critical</tt></li> <li><tt>Failure was believed to NOT be related to these patches as this appears to crash TKS as well</tt></li> </ul> <li><tt>Successfully restarted TKS after changing '/var/lib/pki-tks/conf/CS.cfg' from:</tt></li> <ul> <li><tt>selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to</tt></li> <li><tt>selftests.container.order.startup=SystemCertsVerification:critical</tt></li> <li><tt>Failure was believed to NOT be related to these patches</tt></li> </ul> </ul> <tt> Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS instances on 64-bit Fedora 17 running SELinux in Enforcing mode: </tt> <ul> <li><tt>Successfully restarted KRA</tt></li> <ul> <li><tt>Successfully archived a certificate's keys on the KRA</tt></li> </ul> <li><tt>Successfully restarted OCSP</tt></li> <ul> <li><tt>Successfully restarted RA</tt></li> </ul> <li><tt>Successfully restarted TKS</tt></li> <li><tt>Successfully restarted TPS after changing '/var/lib/pki-tps/conf/CS.cfg' from:</tt></li> <ul> <li><tt>selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to</tt></li> <li><tt>selftests.container.order.startup=TPSPresence:critical</tt></li> <li><tt>Failure was believed to NOT be related to these patches as this appears to crash TKS as well</tt></li> </ul> <li><tt>Successfully restarted TKS after changing '/var/lib/pki-tks/conf/CS.cfg' from:</tt></li> <ul> <li><tt>selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to</tt></li> <li><tt>selftests.container.order.startup=SystemCertsVerification:critical</tt></li> <li><tt>Failure was believed to NOT be related to these patches</tt></li> </ul> </ul> </body> </html>