On 08/24/2009 02:23 PM, Rob Crittenden wrote:
I'm running dogtag, a certificate server, which can publish CRLs. Right
now I'm writing them within the dogtag context which writes the files as
pki_ca_var_lib_t.

I want to make these available from within Apache so I did:

    Alias /ipa/crl /var/lib/pki-ca/publish

Trouble is Apache can't read the files. The simplest route is to simply
grant httpd read/search/getattr access to the directory and files. I've
got that working now.

This grants Apache the rights to read anything in there though, not
really the best solution.

Can I create a new label, say pki_ca_publish_t, and use that to share
between the two? How might I go about doing that?

thanks
rob
------------------------------------------------------------------------
Why not label them cert_t and allow dogtag to write cert_t?
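
One way to carry out the cert_t suggestion above, as an added example that is not from the original thread or from the dogtag or Fedora policy sources: a small local policy module plus the relabeling commands. The dogtag domain name pki_ca_t and the module name ipa_crl_publish are assumptions; check the real domain with `ps -eZ` before loading it.

```selinux
# ipa_crl_publish.te  (hypothetical module name)
#
# Relabel the publish directory first, so only it (not the rest of
# /var/lib/pki-ca) carries the shared type:
#   semanage fcontext -a -t cert_t '/var/lib/pki-ca/publish(/.*)?'
#   restorecon -R -v /var/lib/pki-ca/publish
#
# Build and load:
#   checkmodule -M -m -o ipa_crl_publish.mod ipa_crl_publish.te
#   semodule_package -o ipa_crl_publish.pp -m ipa_crl_publish.mod
#   semodule -i ipa_crl_publish.pp

module ipa_crl_publish 1.0;

require {
    type pki_ca_t;            # ASSUMPTION: domain the dogtag CA runs in
    type pki_ca_var_lib_t;
    type httpd_t;
    type cert_t;
    class dir { getattr search open read write add_name remove_name };
    class file { getattr open read write create append setattr rename unlink };
}

# dogtag publishes CRLs: create, replace and remove files in the directory.
# New files inherit cert_t from the directory, so no type_transition is needed.
# Caveat: cert_t also labels other certificate files on the system (for
# example under /etc/pki), so this rule is not limited to the publish
# directory; DAC permissions remain the second line of defence there.
allow pki_ca_t cert_t:dir { getattr search open read write add_name remove_name };
allow pki_ca_t cert_t:file { getattr open read write create append setattr rename unlink };

# Apache only reads published CRLs. The base policy may already grant this;
# repeating the rule is harmless.
allow httpd_t cert_t:dir { getattr search open read };
allow httpd_t cert_t:file { getattr open read };

# Apache has to traverse /var/lib/pki-ca to reach publish/. Search and getattr
# on the parent directory are enough: no read on the directory and no
# access to pki_ca_var_lib_t files, which is the narrowing asked for.
allow httpd_t pki_ca_var_lib_t:dir { getattr search };
```

After loading, `ls -Zd /var/lib/pki-ca/publish` should show cert_t, and any remaining denials will appear in /var/log/audit/audit.log.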