sharing between dogtag and Apache

Rob Crittenden rcritten at
Mon Aug 24 18:23:08 UTC 2009

I'm running dogtag, a certificate server, which can publish CRLs. Right 
now I'm writing them within the dogtag context which writes the files as 

I want to make these available from within Apache so I did:

Alias /ipa/crl /var/lib/pki-ca/publish

Trouble is Apache can't read the files. The simplest route is to simply 
grant httpd read/search/getattr access to the directory and files. I've 
got that working now.

This grants Apache the rights to read anything in there though, not 
really the best solution.

Can I create a new label, say pki_ca_publish_t, and use that to share 
between the two? How might I go about doing that?
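
One way to set up the dedicated label the post asks about, as an added example that is not part of the original message and not taken from the dogtag or Fedora policy: a small policy module that declares pki_ca_publish_t and lets Apache read only that type. It assumes the dogtag CA process runs in a domain named pki_ca_t and Apache in httpd_t; confirm both with `ps -eZ` before loading it.

```selinux
# pki_ca_publish.te (added example; module name and version are arbitrary)
module pki_ca_publish 1.0;

require {
    type httpd_t;            # Apache's domain
    type pki_ca_t;           # ASSUMPTION: domain of the dogtag CA process
    attribute file_type;     # marks a type as usable for on-disk files
    class dir  { getattr search open read write add_name remove_name };
    class file { getattr open read write create append setattr rename unlink };
}

# Dedicated type that labels the published CRLs and nothing else.
type pki_ca_publish_t;
typeattribute pki_ca_publish_t file_type;

# dogtag: create, replace and delete CRL files in the publish directory.
allow pki_ca_t pki_ca_publish_t:dir  { getattr search open read write add_name remove_name };
allow pki_ca_t pki_ca_publish_t:file { getattr open read write create append setattr rename unlink };

# Apache: list the directory and read the files, with no write access.
allow httpd_t pki_ca_publish_t:dir  { getattr search open read };
allow httpd_t pki_ca_publish_t:file { getattr open read };

# No type_transition rule is needed: files created inside a directory
# labelled pki_ca_publish_t inherit that type by default.
#
# httpd_t still needs "search" on the parent directory /var/lib/pki-ca.
# Check its type with `ls -Zd /var/lib/pki-ca` and grant only
# dir { getattr search } on that type, not read access to its files.
#
# Build, load and label:
#   checkmodule -M -m -o pki_ca_publish.mod pki_ca_publish.te
#   semodule_package -o pki_ca_publish.pp -m pki_ca_publish.mod
#   semodule -i pki_ca_publish.pp
#   semanage fcontext -a -t pki_ca_publish_t '/var/lib/pki-ca/publish(/.*)?'
#   restorecon -R -v /var/lib/pki-ca/publish
```

After loading, `ls -Z /var/lib/pki-ca/publish` should show pki_ca_publish_t on the directory and its files, and any remaining denials appear as AVC records in /var/log/audit/audit.log.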



More information about the fedora-selinux-list mailing list