[Pki-devel] [PATCH] 49, 50, 52 - fix broken selinux on f16 (dogtag 9)

Ade Lee alee at redhat.com
Fri Aug 24 03:04:01 UTC 2012 

pushed to dogtag 9
On Thu, 2012-08-23 at 15:58 -0700, Matthew Harmsen wrote:
> On 08/22/12 19:51, Ade Lee wrote:
> 
> > The last selinux changes checked into dogtag 9 resolved the following
> > bug for f17:
> >     BZ 841966 : latest selinux policy fix breaks dogtag
> > 
> > Unfortunately, it also broke the pki-selinux policy in f16.
> > 
> > The following patches address this.  They should be applied in order
> > (49,50,52)  Basically, 49 reverts the previous change. 50 and 52 adds a
> > new patch that will be applied to the pki-selinux code for f17 only.
> > 
> > The new patch has already been uploaded, so you should be able to build.
> > 
> > Please review,
> > Thanks, 
> > Ade
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> ACK - because Failures alluded to below were deemed as to not be
> caused by these patches.
> 
> Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and TPS
> instances on 64-bit Fedora 16 running SELinux in Enforcing mode:
> 
>       * Successfully restarted CA
>               * Successfully requested, approved, and issued a
>                 certificate on the CA
>       * Successfully restarted KRA
>               * Successfully archived a certificate's keys on the KRA
>       * Successfully restarted OCSP
>       * Successfully restarted RA
>       * Successfully restarted TKS
>       * Successfully restarted TPS after changing
>         '/var/lib/pki-tps/conf/CS.cfg' from:
>               * selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to
>               * selftests.container.order.startup=TPSPresence:critical
>               * Failure was believed to NOT be related to these
>                 patches as this appears to crash TKS as well
>       * Successfully restarted TKS after changing
>         '/var/lib/pki-tks/conf/CS.cfg' from:
>               * selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to
>               * selftests.container.order.startup=SystemCertsVerification:critical
>               * Failure was believed to NOT be related to these
>                 patches
> 
> Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS
> instances on 64-bit Fedora 17 running SELinux in Enforcing mode:
> 
>       * Successfully restarted KRA
>               * Successfully archived a certificate's keys on the KRA
>       * Successfully restarted OCSP
>               * Successfully restarted RA
>       * Successfully restarted TKS
>       * Successfully restarted TPS after changing
>         '/var/lib/pki-tps/conf/CS.cfg' from:
>               * selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical to
>               * selftests.container.order.startup=TPSPresence:critical
>               * Failure was believed to NOT be related to these
>                 patches as this appears to crash TKS as well
>       * Successfully restarted TKS after changing
>         '/var/lib/pki-tks/conf/CS.cfg' from:
>               * selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical to
>               * selftests.container.order.startup=SystemCertsVerification:critical
>               * Failure was believed to NOT be related to these
>                 patches
>

More information about the Pki-devel mailing list