sharing between dogtag and Apache
Rob Crittenden
rcritten at redhat.com
Mon Aug 24 18:23:08 UTC 2009
I'm running dogtag, a certificate server, which can publish CRLs. Right
now I'm writing them within the dogtag context which writes the files as
pki_ca_var_lib_t.
I want to make these available from within Apache so I did:
Alias /ipa/crl /var/lib/pki-ca/publish
Trouble is Apache can't read the files. The simplest route is to simply
grant httpd read/search/getattr access to the directory and files. I've
got that working now.
This grants Apache the rights to read anything in there though, not
really the best solution.
Can I create a new label, say pki_ca_publish_t, and use that to share
between the two? How might I go about doing that?
thanks
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20090824/24898d04/attachment.bin
More information about the selinux
mailing list