On 08/22/12 19:51, Ade Lee wrote:
> The last selinux changes checked into dogtag 9 resolved the following
> bug for f17:
> BZ 841966 : latest selinux policy fix breaks dogtag
>
> Unfortunately, it also broke the pki-selinux policy in f16.
>
> The following patches address this. They should be applied in order
> (49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a
> new patch that will be applied to the pki-selinux code for f17 only.
>
> The new patch has already been uploaded, so you should be able to build.
>
> Please review,
> Thanks,
> Ade
>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-devel
ACK - because Failures alluded to below were deemed as to not be
caused by these patches.
Tested pre-installed/pre-configured CA, KRA, OCSP, TKS, RA, and TPS
instances on 64-bit Fedora 16 running SELinux in Enforcing mode:
* Successfully restarted CA
* Successfully requested, approved, and issued a
certificate on the CA
* Successfully restarted KRA
* Successfully archived a certificate's keys on the KRA
* Successfully restarted OCSP
* Successfully restarted RA
* Successfully restarted TKS
* Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:
* selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to
* selftests.container.order.startup=TPSPresence:critical
* Failure was believed to NOT be related to these
patches as this appears to crash TKS as well
* Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:
* selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to
* selftests.container.order.startup=SystemCertsVerification:critical
* Failure was believed to NOT be related to these
patches
Built/Installed/Configured/Tested CA, KRA, OCSP, TKS, RA, and TPS
instances on 64-bit Fedora 17 running SELinux in Enforcing mode:
* Successfully restarted KRA
* Successfully archived a certificate's keys on the KRA
* Successfully restarted OCSP
* Successfully restarted RA
* Successfully restarted TKS
* Successfully restarted TPS after changing
'/var/lib/pki-tps/conf/CS.cfg' from:
* selftests.container.order.startup=TPSPresence:critical,
TPSSystemCertsVerification:critical to
* selftests.container.order.startup=TPSPresence:critical
* Failure was believed to NOT be related to these
patches as this appears to crash TKS as well
* Successfully restarted TKS after changing
'/var/lib/pki-tks/conf/CS.cfg' from:
* selftests.container.order.startup=TKSKnownSessionKey:critical,
SystemCertsVerification:critical to
* selftests.container.order.startup=SystemCertsVerification:critical
* Failure was believed to NOT be related to these
patches