#3234 Update SELinux policy for dogtag
Closed: Fixed None Opened 11 years ago by mkosek.

dogtag10, introduced in Fedora 18, includes several SELinux policy changes that need to be reflected in FreeIPA:

  1. pki-ca now runs with pki_tomcat_t type instead of pki_ca_t
  2. certmonger rules in ipa_dogtag.te should now be part of the system SELinux policy and should be removed from our policy

We should also double-check that the rule with pki_ca_var_lib_t for httpd_t is still needed, since CRLs are now located in /var/lib/ipa/...


Patch freeipa-mkosek-331-update-selinux-policy-for-dogtag10.patch sent for review

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.1 Stabilization

7 years ago
