sharing between dogtag and Apache

Daniel J Walsh dwalsh at redhat.com
Tue Aug 25 21:13:03 UTC 2009


On 08/24/2009 02:23 PM, Rob Crittenden wrote:
> I'm running dogtag, a certificate server, which can publish CRLs. Right
> now I'm writing them within the dogtag context which writes the files as
> pki_ca_var_lib_t.
> 
> I want to make these available from within Apache so I did:
> 
> Alias /ipa/crl /var/lib/pki-ca/publish
> 
> Trouble is Apache can't read the files. The simplest route is to simply
> grant httpd read/search/getattr access to the directory and files. I've
> got that working now.
> 
> This grants Apache the rights to read anything in there though, not
> really the best solution.
> 
> Can I create a new label, say pki_ca_publish_t, and use that to share
> between the two? How might I go about doing that?
> 
> thanks
> 
> rob

Why not label them cert_t and allow dogtag to write cert_t?
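
Added example, not part of the original thread: a local policy module for the dedicated-label approach asked about in the quoted question, as an alternative to reusing cert_t. The type name pki_ca_publish_t is the one proposed in the question; that the dogtag CA process runs as pki_ca_t is an assumption (confirm with ps -eZ), and the module name is arbitrary.

```selinux
# pki_ca_publish.te: added example, not dogtag's or Fedora's shipped policy.
module pki_ca_publish 1.0;

require {
    type pki_ca_t;           # ASSUMED domain of the dogtag CA process
    type pki_ca_var_lib_t;   # existing label on /var/lib/pki-ca (from the thread)
    type httpd_t;
    attribute file_type;
    class dir { getattr search open read write add_name remove_name };
    class file { create getattr setattr open read write append rename unlink ioctl lock };
}

# New type used only for the published CRLs.
type pki_ca_publish_t;
typeattribute pki_ca_publish_t file_type;

# dogtag: create, rewrite and delete CRLs in the publish directory.
# Files created there inherit the directory's type, so no type_transition is needed.
allow pki_ca_t pki_ca_publish_t:dir { getattr search open read write add_name remove_name };
allow pki_ca_t pki_ca_publish_t:file { create getattr setattr open read write append rename unlink ioctl lock };

# Apache: read-only access to the published files.
allow httpd_t pki_ca_publish_t:dir { getattr search open read };
allow httpd_t pki_ca_publish_t:file { getattr open read };

# Apache has to traverse /var/lib/pki-ca to reach publish/.
# Directory search only: no read access to pki_ca_var_lib_t files.
allow httpd_t pki_ca_var_lib_t:dir { getattr search };

# Build and load (as root):
#   checkmodule -M -m -o pki_ca_publish.mod pki_ca_publish.te
#   semodule_package -o pki_ca_publish.pp -m pki_ca_publish.mod
#   semodule -i pki_ca_publish.pp
#
# Label the publish directory and relabel what is already there:
#   semanage fcontext -a -t pki_ca_publish_t '/var/lib/pki-ca/publish(/.*)?'
#   restorecon -R -v /var/lib/pki-ca/publish
```

Once this is loaded and the directory relabelled, the broader rule that lets httpd read pki_ca_var_lib_t files can be dropped, so Apache sees only what dogtag publishes.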
