[389-commits] selinux/dirsrv-admin.te
Nathan Kinder
nkinder at fedoraproject.org
Tue Jan 4 23:37:59 UTC 2011
selinux/dirsrv-admin.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 6d86721d58f9dd150c970f61911c8a8bc2c8c050
Author: Nathan Kinder <nkinder at redhat.com>
Date: Tue Jan 4 15:03:29 2011 -0800
Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
On RHEL5, starting the dirsrv-admin service with SELinux enabled
will cause httpd child processes to repeatedly crash. The context
used by the dirsrv-admin start scripts needs some additional
process capabilities to fix this problem.
diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
index 51c2dc6..4c842d9 100644
--- a/selinux/dirsrv-admin.te
+++ b/selinux/dirsrv-admin.te
@@ -78,7 +78,7 @@ ifdef(`targeted_policy',`
# Needed for stop and restart scripts
dirsrv_read_var_run(dirsrvadmin_t)
-allow dirsrvadmin_t httpd_t:process signal;
+allow dirsrvadmin_t httpd_t:process { signal siginh rlimitinh noatsecure };
allow dirsrvadmin_t httpd_var_run_t:file read_file_perms;
########################################
More information about the 389-commits
mailing list