Merge pull request #16 from mikedep333/etc-fixes

Problem: pulpcore-selinux fails to build due to unknown type pulpcore…
pulp · Sep 28, 2020 · 496240e · 496240e
2 parents 32edc8f + 9a3e3fc
commit 496240e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/pulpcore.fc b/pulpcore.fc
@@ -1,3 +1,13 @@
+# label for both nginx & apache
+/etc/pulp/certs(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
+/etc/pulp/settings.py			gen_context(system_u:object_r:pulpcore_etc_t,s0)
+/etc/pulp/token_private_key.pem			gen_context(system_u:object_r:pulpcore_etc_t,s0)
+/etc/pulp/token_public_key.pem			gen_context(system_u:object_r:pulpcore_etc_t,s0)
+# The installer prior to 2020-08-20 used these 2 token paths. Clean up once dev
+# instance is deleted.
+/etc/pulp/private_key.pem			gen_context(system_u:object_r:pulpcore_etc_t,s0)
+/etc/pulp/public_key.pem			gen_context(system_u:object_r:pulpcore_etc_t,s0)
+
 /usr/bin/rq		--	gen_context(system_u:object_r:pulpcore_exec_t,s0)
 /usr/bin/gunicorn	--	gen_context(system_u:object_r:pulpcore_server_exec_t,s0)
 

diff --git a/pulpcore.te b/pulpcore.te
@@ -17,6 +17,9 @@ init_daemon_domain(pulpcore_server_t, pulpcore_server_exec_t)
 init_nnp_daemon_domain(pulpcore_server_t)
 permissive pulpcore_server_t;
 
+type pulpcore_etc_t;
+files_config_file(pulpcore_etc_t)
+
 type pulpcore_var_lib_t;
 files_type(pulpcore_var_lib_t)
 type pulpcore_server_var_lib_t;