[Pki-devel] [PATCH] 49, 50, 52 - fix broken selinux on f16 (dogtag 9)
Ade Lee
alee at redhat.com
Fri Aug 24 03:04:01 UTC 2012
pushed to dogtag 9
On Thu, 2012-08-23 at 15:58 -0700, Matthew Harmsen wrote:
> On 08/22/12 19:51, Ade Lee wrote:
>
> > The last selinux changes checked into dogtag 9 resolved the following
> > bug for f17:
> > BZ 841966 : latest selinux policy fix breaks dogtag
> >
> > Unfortunately, it also broke the pki-selinux policy in f16.
> >
> > The following patches address this. They should be applied in order
> > (49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a
> > new patch that will be applied to the pki-selinux code for f17 only.
> >
> > The new patch has already been uploaded, so you should be able to build.
> >
> > Please review,
> > Thanks,
> > Ade
> >
> >
> >
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> ACK - because Failures alluded to below were deemed as to not be
> caused by these patches.
>
> Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and TPS
> instances on 64-bit Fedora 16 running SELinux in Enforcing mode:
>
> * Successfully restarted CA
> * Successfully requested, approved, and issued a
> certificate on the CA
> * Successfully restarted KRA
> * Successfully archived a certificate's keys on the KRA
> * Successfully restarted OCSP
> * Successfully restarted RA
> * Successfully restarted TKS
> * Successfully restarted TPS after changing
> '/var/lib/pki-tps/conf/CS.cfg' from:
> * selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to
> * selftests.container.order.startup=TPSPresence:critical
> * Failure was believed to NOT be related to these
> patches as this appears to crash TKS as well
> * Successfully restarted TKS after changing
> '/var/lib/pki-tks/conf/CS.cfg' from:
> * selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to
> * selftests.container.order.startup=SystemCertsVerification:critical
> * Failure was believed to NOT be related to these
> patches
>
> Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS
> instances on 64-bit Fedora 17 running SELinux in Enforcing mode:
>
> * Successfully restarted KRA
> * Successfully archived a certificate's keys on the KRA
> * Successfully restarted OCSP
> * Successfully restarted RA
> * Successfully restarted TKS
> * Successfully restarted TPS after changing
> '/var/lib/pki-tps/conf/CS.cfg' from:
> * selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to
> * selftests.container.order.startup=TPSPresence:critical
> * Failure was believed to NOT be related to these
> patches as this appears to crash TKS as well
> * Successfully restarted TKS after changing
> '/var/lib/pki-tks/conf/CS.cfg' from:
> * selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to
> * selftests.container.order.startup=SystemCertsVerification:critical
> * Failure was believed to NOT be related to these
> patches
>
More information about the Pki-devel
mailing list