I'm running dogtag, a certificate server, which can publish CRLs. Right
now I'm writing them within the dogtag context which writes the files as
pki_ca_var_lib_t.
I want to make these available from within Apache so I did:
Alias /ipa/crl /var/lib/pki-ca/publish
Trouble is Apache can't read the files. The simplest route is to simply
grant httpd read/search/getattr access to the directory and files. I've
got that working now.
This grants Apache the rights to read anything in there though, not
really the best solution.
Can I create a new label, say pki_ca_publish_t, and use that to share
between the two? How might I go about doing that?
thanks
rob
Attachments:
- smime.p7s
(application/x-pkcs7-signature — 3.2 KB)
Show replies by thread