[pki-core] Resolves Bugzilla Bug #813075 - selinux denial for file size access

Mon Apr 16 22:01:53 UTC 2012

commit 2b1ba5bd3b7e24877bffaea07cce09caf72c28ba
Author: Andrew Wnuk <awnuk at redhat.com>
Date:   Mon Apr 16 15:00:23 2012 -0700

    Resolves Bugzilla Bug #813075 - selinux denial for file size access

 ....patch => pki-core-selinux-Dogtag-9-f17-1.patch |    5 +++--
 pki-core.spec                                      |   14 ++++++++++----
 sources                                            |    2 +-
 3 files changed, 14 insertions(+), 7 deletions(-)
---

diff --git a/pki-core-selinux-Dogtag-9-f17.patch b/pki-core-selinux-Dogtag-9-f17-1.patch
similarity index 90%
rename from pki-core-selinux-Dogtag-9-f17.patch
rename to pki-core-selinux-Dogtag-9-f17-1.patch
index e99ec06..7a012ec 100644
--- a/pki-core-selinux-Dogtag-9-f17.patch
+++ b/pki-core-selinux-Dogtag-9-f17-1.patch
@@ -2,7 +2,7 @@ diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
 index 0709176..20dfc17 100644
 --- a/pki/base/selinux/src/pki.if
 +++ b/pki/base/selinux/src/pki.if
-@@ -206,6 +206,20 @@ template(`pki_ca_template',`
+@@ -206,6 +206,21 @@ template(`pki_ca_template',`
          optional_policy(`
              unconfined_domain($1_script_t)
          ')
@@ -14,6 +14,7 @@ index 0709176..20dfc17 100644
 +        fs_read_hugetlbfs_files($1_t)
 +        hostname_exec($1_t)
 +        kernel_read_kernel_sysctls($1_t)
++        fs_getattr_xattr_fs($1_t)
 +
 +        # java (mislabeled as lib_t?) calls build_classpath
 +        libs_exec_lib_files($1_t)
@@ -29,7 +30,7 @@ index 7f6e657..dab02d4 100644
 +++ b/pki/base/selinux/src/pki.te
 @@ -1,4 +1,4 @@
 -policy_module(pki,9.0.2)
-+policy_module(pki,9.0.3)
++policy_module(pki,9.0.4)
  
  attribute pki_ca_config;
  attribute pki_ca_executable;
diff --git a/pki-core.spec b/pki-core.spec
index 1b848fd..633487d 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,6 +1,6 @@
 Name:             pki-core
 Version:          9.0.19
-Release:          1%{?dist}
+Release:          3%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
 License:          GPLv2
@@ -28,14 +28,14 @@ BuildRequires:    xalan-j2
 BuildRequires:    xerces-j2
 %if 0%{?fedora} >= 16
 BuildRequires:    jpackage-utils >= 0:1.7.5-10
-BuildRequires:    jss >= 4.2.6-19.1
+BuildRequires:    jss >= 4.2.6-24
 BuildRequires:    osutil >= 2.0.2
 BuildRequires:    systemd-units
 BuildRequires:    tomcatjss >= 6.0.2
 %else
 %if 0%{?fedora} >= 15
 BuildRequires:    jpackage-utils
-BuildRequires:    jss >= 4.2.6-17
+BuildRequires:    jss >= 4.2.6-24
 BuildRequires:    osutil >= 2.0.1
 BuildRequires:    tomcatjss >= 6.0.0
 %else
@@ -49,7 +49,7 @@ BuildRequires:    tomcatjss >= 2.0.0
 Source0:          http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
 Patch0:	          %{name}-selinux-Dogtag-9-f16.patch
-Patch1:	          %{name}-selinux-Dogtag-9-f17.patch
+Patch1:	          %{name}-selinux-Dogtag-9-f17-1.patch
 
 %if 0%{?rhel}
 ExcludeArch:      ppc ppc64 s390 s390x
@@ -749,6 +749,12 @@ fi
 
 
 %changelog
+* Mon Apr 16 2012 Ade Lee <alee at redhat.com> 9.0.19-3
+- Bugzilla Bug #813075 - selinux denial for file size access
+
+* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.19-2
+- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
+
 * Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.19-1
 - BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
 - Corrected patch selected for selinux f17 rules
diff --git a/sources b/sources
index 4988d31..2fdd5d9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-698c21a3d9198704d15adfb91f827102  pki-core-9.0.19.tar.gz
+c6d4ebd098c74f36a84008ff101435e1  pki-core-9.0.19.tar.gz
