sharing between dogtag and Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm running dogtag, a certificate server, which can publish CRLs. Right now I'm writing them within the dogtag context which writes the files as pki_ca_var_lib_t. 

I want to make these available from within Apache so I did:

Alias /ipa/crl /var/lib/pki-ca/publish
Trouble is Apache can't read the files. The simplest route is to simply grant httpd read/search/getattr access to the directory and files. I've got that working now.
This grants Apache the rights to read anything in there though, not really the best solution.
Can I create a new label, say pki_ca_publish_t, and use that to share between the two? How might I go about doing that? 

thanks

rob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux