[Pki-devel] [PATCH] 60-63 revised selinux policy

Ade Lee alee at redhat.com
Fri Oct 5 05:10:15 UTC 2012


Apply patches in order.

This adds the selinux policy which is likely to be added to the system
policy for all subsystems.  Please try it out in permissive mode and
note any avcs generated.

Also includes:
- required code to get ra and tps instances started.
- cleanup code for pid file management for the java subsystems

Notes:

1. On f18, everything works as expected.
2. On f17, there are two issues:

a) the needed selinux-policy has been built in koji but is not in
updates yet.  I will bug mgrepl about this in the morning.

b) the pid file fixes will break java subsystem startup because of a bug
in tomcat.  https://bugzilla.redhat.com/show_bug.cgi?id=863307
I will be pushing for this to be fixed asap.  In the meantime, you will
need to modify /usr/sbin/tomcat-sysd and replace 

export CATALINA_PID="/var/run/${NAME}.pid"
with:
export CATALINA_PID="${CATALINA_PID:-/var/run/${NAME}.pid}"

Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0063-Changes-to-start-pki_ra-and-pki_tps-in-correct-conte.patch
Type: text/x-patch
Size: 13119 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121005/50309159/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0062-add-selinux-context-for-pkidaemon-remove-unneeded-pi.patch
Type: text/x-patch
Size: 9675 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121005/50309159/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0061-move-common-policy-into-tps-ra-templates.patch
Type: text/x-patch
Size: 18929 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121005/50309159/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0060-Use-the-tomcat-selinux-domain-for-the-Java-processes.patch
Type: text/x-patch
Size: 15911 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121005/50309159/attachment-0003.bin>
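
The replacement line in note 2(b) differs from the original only in using the shell's `${VAR:-default}` expansion, so a CATALINA_PID already set by the caller is kept instead of being overwritten. The script below is an added example, not part of the original post or of the pki or tomcat packages: `fix_pid_line` and `pid_after` are hypothetical helper names, and the sample file, instance name and pid path are constructed.

```shell
#!/bin/sh
# Added example. SAMPLE below is a constructed stand-in, not the real tomcat-sysd.
OLD='export CATALINA_PID="/var/run/${NAME}.pid"'
NEW='export CATALINA_PID="${CATALINA_PID:-/var/run/${NAME}.pid}"'

# Replace the exact OLD line (any indentation) with NEW in file $1.
# Returns 0 if the file was changed, 1 if no such line exists (e.g. already fixed).
fix_pid_line() {
    f=$1
    tmp=$(mktemp) || return 2
    awk -v old="$OLD" -v new="$NEW" '{
        s = $0; sub(/^[ \t]+/, "", s)
        if (s == old) { match($0, /^[ \t]*/); print substr($0, 1, RLENGTH) new }
        else print
    }' "$f" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$f" "$tmp"; then rm -f "$tmp"; return 1; fi
    cp -p -- "$f" "$f.orig"
    # Write back into the same inode so mode, owner and SELinux label are kept.
    cat "$tmp" > "$f"
    rm -f "$tmp"
}

# Source file $1 the way a startup script would, with NAME=$2 and an optional
# caller-supplied CATALINA_PID=$3; print the value that survives.
pid_after() {
    ( unset CATALINA_PID; NAME=$2
      if [ -n "${3:-}" ]; then CATALINA_PID=$3; fi
      . "$1"; printf '%s\n' "$CATALINA_PID" )
}

# Constructed demo: the caller asks for its own pid file location.
SAMPLE=$(mktemp)
printf '%s\n' '# constructed fragment' "    $OLD" > "$SAMPLE"
echo "before: $(pid_after "$SAMPLE" example-instance /var/run/pki/example.pid)"
fix_pid_line "$SAMPLE"
echo "after:  $(pid_after "$SAMPLE" example-instance /var/run/pki/example.pid)"
rm -f "$SAMPLE" "$SAMPLE.orig"
```

Run it against a copy first; a non-zero return from `fix_pid_line` means the expected line was not found and nothing was written.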

