Correct the InternalTLSVncCAFile to comply with selinux policy
InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt. Certmonger attempts to save the CA cert to this path as cert_t, however /etc/ipa is etc_t. Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is arugably a more suitable location. Change-Id: Ib275fc43dd772851511598a4932c19fcda706479
This commit is contained in:
parent
e57e2e871b
commit
ab78b1fcc1
@ -91,7 +91,7 @@ parameters:
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
InternalTLSVncCAFile:
|
||||
default: '/etc/ipa/vnc.crt'
|
||||
default: '/etc/pki/CA/certs/vnc.crt'
|
||||
type: string
|
||||
description: Specifies the CA cert to use for VNC TLS.
|
||||
LibvirtCACert:
|
||||
|
@ -50,7 +50,7 @@ parameters:
|
||||
enable TLS transaport for libvirt VNC and configure the
|
||||
relevant keys for libvirt.
|
||||
InternalTLSVncCAFile:
|
||||
default: '/etc/ipa/vnc.crt'
|
||||
default: '/etc/pki/CA/certs/vnc.crt'
|
||||
type: string
|
||||
description: Specifies the CA cert to use for VNC TLS.
|
||||
LibvirtVncCACert:
|
||||
|
@ -88,7 +88,7 @@ parameters:
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
InternalTLSVncCAFile:
|
||||
default: '/etc/ipa/vnc.crt'
|
||||
default: '/etc/pki/CA/certs/vnc.crt'
|
||||
type: string
|
||||
description: Specifies the CA cert to use for VNC TLS.
|
||||
LibvirtCACert:
|
||||
|
@ -56,7 +56,7 @@ parameters:
|
||||
enable TLS transaport for libvirt VNC and configure the
|
||||
relevant keys for libvirt.
|
||||
InternalTLSVncCAFile:
|
||||
default: '/etc/ipa/vnc.crt'
|
||||
default: '/etc/pki/CA/certs/vnc.crt'
|
||||
type: string
|
||||
description: Specifies the CA cert to use for VNC TLS.
|
||||
LibvirtVncCACert:
|
||||
|
Loading…
Reference in New Issue
Block a user