[389-commits] selinux/dirsrv-admin.te

Tue Jan 4 23:37:59 UTC 2011

selinux/dirsrv-admin.te |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 6d86721d58f9dd150c970f61911c8a8bc2c8c050
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue Jan 4 15:03:29 2011 -0800

    Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
    
    On RHEL5, starting the dirsrv-admin service with SELinux enabled
    will cause httpd child processes to repeatedly crash.  The context
    used by the dirsrv-admin start scripts needs some additional
    process capabilities to fix this problem.

diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
index 51c2dc6..4c842d9 100644
--- a/selinux/dirsrv-admin.te
+++ b/selinux/dirsrv-admin.te
@@ -78,7 +78,7 @@ ifdef(`targeted_policy',`
 
 # Needed for stop and restart scripts
 dirsrv_read_var_run(dirsrvadmin_t)
-allow dirsrvadmin_t httpd_t:process signal;
+allow dirsrvadmin_t httpd_t:process { signal siginh rlimitinh noatsecure };
 allow dirsrvadmin_t httpd_var_run_t:file read_file_perms;
 
 ########################################


