Correct the InternalTLSVncCAFile to comply with selinux policy

InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt.
Certmonger attempts to save the CA cert to this path as cert_t, however
/etc/ipa is etc_t.
Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is
arugably a more suitable location.

Change-Id: Ib275fc43dd772851511598a4932c19fcda706479
This commit is contained in:
Oliver Walsh 2018-04-06 17:37:53 +01:00
parent e57e2e871b
commit ab78b1fcc1
4 changed files with 4 additions and 4 deletions

View File

@ -91,7 +91,7 @@ parameters:
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt'
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
LibvirtCACert:

View File

@ -50,7 +50,7 @@ parameters:
enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt.
InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt'
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
LibvirtVncCACert:

View File

@ -88,7 +88,7 @@ parameters:
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt'
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
LibvirtCACert:

View File

@ -56,7 +56,7 @@ parameters:
enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt.
InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt'
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
LibvirtVncCACert: