Currently, both "pkispawn" and "pkidestroy" place their log files under /var/log (as these purposefully do NOT get cleaned up).
However, from an SELinux perspective, it is much easier if these log files are grouped under a common subdirectory.
Therefore, changes need to be implemented which:
- place these files under "/var/log/pki" for SELinux purposes, and - "pkidestroy" needs to leave the "/var/log/pki" directory present (unless it is empty)
This ticket has been addressed by the following check-in:
commit 5b004df074027d1eba33c2f9038030406830cc3c Author: Matthew Harmsen mharmsen@redhat.com Date: Thu Jul 19 01:04:54 2012 -0700
PKI Deployment Scriptlets - In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' - In 'server.xml', removed the line containing a '1' - Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package - Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs - Removed all security domain references from external CA logic - Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' - Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: Dogtag 10.0 Alpha
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/796
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.