IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

SELinux Policy: ipa_custodia_pki_tomcat_exec_t => ipa_custodia_pki_tomcat_t

Browse Source 
ipa_custodia_pki_tomcat_exec_t was granted java_exec by mistake ; replace by
ipa_custodia_pki_tomcat_t.
As suggested by Ondrej Mosnáček.

Fixes: https://pagure.io/freeipa/issue/8488
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-By: Lukas Vrabec <lvrabec@redhat.com>
Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
François Cami 2020-09-21 11:37:12 +02:00
parent 820beca4ac
commit 09816f4dbc
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
selinux/ipa.te
View File

@ -63,6 +63,8 @@ init_script_file(ipa_custodia_dmldap_exec_t)
type ipa_custodia_pki_tomcat_exec_t;
init_script_file(ipa_custodia_pki_tomcat_exec_t)
type ipa_custodia_pki_tomcat_t;
type ipa_custodia_ra_agent_exec_t;
init_script_file(ipa_custodia_ra_agent_exec_t)
@ -436,7 +438,7 @@ optional_policy(`
')
optional_policy(`
java_exec(ipa_custodia_pki_tomcat_exec_t)
java_exec(ipa_custodia_pki_tomcat_t)
# allow Java to read system status and RNG
dev_read_urand(ipa_custodia_t)
dev_read_rand(ipa_custodia_t)