Ade,
I successfully installed a CA, KRA, OCSP, and TKS using command-line
pkispawn with a configuration file.
Thus far, I have provided a Karma point for TPS and for RA; currently
having trouble with pki-console (due to my X Display not working, not
the package itself).
Once you re-spin pki-core, I can perform a GUI install of these
subsystems and provide a karma point for both pki-core and
dogtag-pki-theme (once I confirm that console is working).
After this, in order to confirm that dogtag-pki is working, I will need
to remove all of the packages from my system and configure it to point
to the appropriate test repo to make certain that it will grab the
correct versions of Dogtag.
Per your request, here are the TPS and RA AVCs showing up in the
audit.log (I installed the TPS prior to the RA without cleaning the
audit log):
*TPS:*
*# getenforce*
Permissive
*# cat /var/log/audit/audit.log | audit2allow -R*
require {
type httpd_suexec_exec_t;
type pki_tps_t;
class file { read getattr execute };
}
#============= pki_tps_t ==============
allow pki_tps_t httpd_suexec_exec_t:file { read getattr execute };
files_manage_generic_tmp_dirs(pki_tps_t)
files_manage_generic_tmp_files(pki_tps_t)
*RA:*
*# getenforce*
Permissive
*# cat /var/log/audit/audit.log | audit2allow -R*
require {
type pki_tps_t;
type pki_ra_t;
type httpd_suexec_exec_t;
class file { getattr read execute };
}
#============= pki_ra_t ==============
allow pki_ra_t httpd_suexec_exec_t:file { read getattr execute };
files_manage_generic_tmp_dirs(pki_ra_t)
files_manage_generic_tmp_files(pki_ra_t)
#============= pki_tps_t ==============
allow pki_tps_t httpd_suexec_exec_t:file { read getattr execute };
files_manage_generic_tmp_dirs(pki_tps_t)
files_manage_generic_tmp_files(pki_tps_t)
-- Matt