dogtag10 introduced in Fedora 18 includes several SELinux policy changes that needs to be reflected on in FreeIPA:
pki_tomcat_t
pki_ca_t
We should also double check that the rule with pki_ca_var_lib_t for httpd_t is still needed since it CRLs are now located in /var/lib/ipa/...
pki_ca_var_lib_t
httpd_t
/var/lib/ipa/...
attachment freeipa-mkosek-331-update-selinux-policy-for-dogtag10.patch
Patch freeipa-mkosek-331-update-selinux-policy-for-dogtag10.patch sent for review
master: c8d522b
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.1 Stabilization
Login to comment on this ticket.