[Pki-devel] [PATCH] 49, 50, 52 - fix broken selinux on f16 (dogtag 9)
Matthew Harmsen
mharmsen at redhat.com
Thu Aug 23 22:58:45 UTC 2012
On 08/22/12 19:51, Ade Lee wrote:
> The last selinux changes checked into dogtag 9 resolved the following
> bug for f17:
> BZ 841966 : latest selinux policy fix breaks dogtag
>
> Unfortunately, it also broke the pki-selinux policy in f16.
>
> The following patches address this. They should be applied in order
> (49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a
> new patch that will be applied to the pki-selinux code for f17 only.
>
> The new patch has already been uploaded, so you should be able to build.
>
> Please review,
> Thanks,
> Ade
>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
ACK - because Failures alluded to below were deemed as to not be caused
by these patches.
Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and TPS
instances on 64-bit Fedora 16 running SELinux in Enforcing mode:
* Successfully restarted CA
o Successfully requested, approved, and issued a certificate on the CA
* Successfully restarted KRA
o Successfully archived a certificate's keys on the KRA
* Successfully restarted OCSP
* Successfully restarted RA
* Successfully restarted TKS
* Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:
o selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to
o selftests.container.order.startup=TPSPresence:critical
o Failure was believed to NOT be related to these patches as this
appears to crash TKS as well
* Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:
o selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to
o selftests.container.order.startup=SystemCertsVerification:critical
o Failure was believed to NOT be related to these patches
Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS
instances on 64-bit Fedora 17 running SELinux in Enforcing mode:
* Successfully restarted KRA
o Successfully archived a certificate's keys on the KRA
* Successfully restarted OCSP
o Successfully restarted RA
* Successfully restarted TKS
* Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:
o selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to
o selftests.container.order.startup=TPSPresence:critical
o Failure was believed to NOT be related to these patches as this
appears to crash TKS as well
* Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:
o selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to
o selftests.container.order.startup=SystemCertsVerification:critical
o Failure was believed to NOT be related to these patches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120823/a05860a2/attachment.htm>
More information about the Pki-devel
mailing list