[Pki-devel] [PATCH] 020 - selinux changes for ephemeral ports

Matthew Harmsen mharmsen at redhat.com
Thu Feb 23 23:43:20 UTC 2012


On 02/23/12 14:59, Ade Lee wrote:
> Please review.
>
ACK

* applied patch to freshly pulled repo (Dogtag 10)
* built and installed new 'pki-core' components (specifically 'pki-selinux')
* successfully restarted 'pki-ca' instance
* successfully enrolled for a certificate
* sudo audit2allow -R -i /var/log/audit/audit.log

require {
     type pki_kra_t;
     type certwatch_t;
     type pki_ca_t;
}

#============= certwatch_t ==============
files_read_var_files(certwatch_t)

#============= pki_ca_t ==============
fs_getattr_xattr_fs(pki_ca_t)

#============= pki_kra_t ==============
fs_getattr_xattr_fs(pki_kra_t)

* sudo audit2allow -R -i /var/log/audit/audit.log | grep pki
     type pki_kra_t;
     type pki_ca_t;
#============= pki_ca_t ==============
fs_getattr_xattr_fs(pki_ca_t)
#============= pki_kra_t ==============
fs_getattr_xattr_fs(pki_kra_t)
