'selinux/spacewalk-selinux'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spacewalk-commits
Subject:    selinux/spacewalk-selinux
From:       adelton () fedoraproject ! org (Jan Pazdziora)
Date:       2010-08-31 7:52:03
Message-ID: 20100831075203.B9EA71205AA () lists ! fedorahosted ! org
[Download RAW message or body]

 selinux/spacewalk-selinux/spacewalk-selinux-enable |    2 +-
 selinux/spacewalk-selinux/spacewalk-selinux.spec   |    4 ++--
 selinux/spacewalk-selinux/spacewalk.fc             |    2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)

New commits:
commit 809e0bbc35ebab9bb78976e50af6f79f72fd19e3
Author: Jan Pazdziora <jpazdziora at redhat.com>
Date:   Mon Aug 30 17:44:55 2010 +0200

    628640 - turn the wrapper into java_t upon runtime, it calls java anyway.
    
    If we want to make things more clever in the future, we can turn
    /usr/bin/taskomaticd and /usr/bin/rhnsearchd into scripts that
    would be java_exec_t (or even some other type) and which would
    exec /usr/sbin/tanukiwrapper.

diff --git a/selinux/spacewalk-selinux/spacewalk-selinux-enable \
b/selinux/spacewalk-selinux/spacewalk-selinux-enable index 8100e26..c30eec9 100644
--- a/selinux/spacewalk-selinux/spacewalk-selinux-enable
+++ b/selinux/spacewalk-selinux/spacewalk-selinux-enable
@@ -43,7 +43,7 @@ for selinuxvariant in mls strict targeted
   done
 
 /sbin/restorecon -rvvi /etc/rhn/satellite-httpd/conf/satidmap.pl \
                /usr/sbin/rhn-sat-restart-silent /var/log/rhn /var/cache/rhn \
-	/usr/bin/rhn-sudo-ssl-tool /usr/bin/rhn-sudo-load-ssl-cert /var/www/html/pub
+	/usr/bin/rhn-sudo-ssl-tool /usr/bin/rhn-sudo-load-ssl-cert /var/www/html/pub \
/usr/sbin/tanukiwrapper  
 /usr/sbin/setsebool -P httpd_enable_cgi 1
 /usr/sbin/setsebool -P httpd_can_network_connect 1
diff --git a/selinux/spacewalk-selinux/spacewalk-selinux.spec \
b/selinux/spacewalk-selinux/spacewalk-selinux.spec index 51ffaf8..cfc4acb 100644
--- a/selinux/spacewalk-selinux/spacewalk-selinux.spec
+++ b/selinux/spacewalk-selinux/spacewalk-selinux.spec
@@ -91,7 +91,7 @@ fi
 #this may be safely remove when BZ 505066 is fixed
 if /usr/sbin/selinuxenabled ; then
   /sbin/restorecon -rvvi /etc/rhn/satellite-httpd/conf/satidmap.pl \
                /usr/sbin/rhn-sat-restart-silent /var/log/rhn /var/cache/rhn \
-        /usr/bin/rhn-sudo-ssl-tool /usr/bin/rhn-sudo-load-ssl-cert
+        /usr/bin/rhn-sudo-ssl-tool /usr/bin/rhn-sudo-load-ssl-cert \
/usr/sbin/tanukiwrapper  fi
 
 %postun
@@ -105,7 +105,7 @@ if [ $1 -eq 0 ]; then
 fi
 
 /sbin/restorecon -rvvi /etc/rhn/satellite-httpd/conf/satidmap.pl \
                %{_sbindir}/rhn-sat-restart-silent /var/log/rhn /var/cache/rhn \
-    %{_bindir}/rhn-sudo-ssl-tool %{_bindir}/rhn-sudo-load-ssl-cert
+    %{_bindir}/rhn-sudo-ssl-tool %{_bindir}/rhn-sudo-load-ssl-cert \
/usr/sbin/tanukiwrapper  
 %files
 %defattr(-,root,root,0755)
diff --git a/selinux/spacewalk-selinux/spacewalk.fc \
b/selinux/spacewalk-selinux/spacewalk.fc index 879f0cc..c987bad 100644
--- a/selinux/spacewalk-selinux/spacewalk.fc
+++ b/selinux/spacewalk-selinux/spacewalk.fc
@@ -20,3 +20,5 @@
 /usr/bin/rhn-sudo-load-ssl-cert \
gen_context(system_u:object_r:httpd_unconfined_script_exec_t,s0)  
 /var/log/spacewalk/schema-upgrade(/.*)? \
gen_context(user_u:object_r:oracle_sqlplus_log_t,s0) +
+/usr/sbin/tanukiwrapper gen_context(system_u:object_r:java_exec_t,s0)


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic