I have to do a couple of tricks here because dogtag is an optional component. This is why in the installer I first see if the dogtag SELinux policy is installed and if not add it. Similarly the installer will remove it upon uninstall.
The policy itself just lets dogtag write to some Apache-labeled directories. dogtag uses symlinks to mark the latest CRL hence the permissions for links.
rob
freeipa-285-crl.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel