freeipa/selinux/ipa_dogtag
Martin Kosek c8d522bc98 Update SELinux policy for dogtag10
Incorporate SELinux policy changes introduced in Dogtag 10 in IPA
SELinux policy:
- dogtag10 now runs with pki_tomcat_t context instead of pki_ca_t
- certmonger related rule are now integrated in system policy and
  can be removed from IPA policy

Also remove redundant SELinux rules for connection of httpd_t, krb5kdc_t
or named_t to DS socket. The socket has different target type anyway
(dirsrv_var_run_t) and the policy allowing this is already in
system.

https://fedorahosted.org/freeipa/ticket/3234
2012-11-30 11:12:51 -05:00
..
ipa_dogtag.fc Move CRL publish directory to IPA owned directory 2012-10-09 16:00:01 +02:00
ipa_dogtag.te Update SELinux policy for dogtag10 2012-11-30 11:12:51 -05:00