[Freeipa-devel] FreeIPA on RHEL/CentOS 7.0

Martin Kosek mkosek at redhat.com
Wed Sep 24 09:00:21 UTC 2014


Hello,

I just rebuilt the latest fixed pki-core & tomcat for our Copr
(http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very
close to having a functional repo for RHEL/CentOS 7.0.

With a couple of minor changes to the spec file, I was able to install FreeIPA 4.0.3
and its dependencies on 7.0; ipa-server-install *almost* finished (client
installation failed).

I filed the remaining issues in
https://fedorahosted.org/freeipa/ticket/4562

1. and 3. should be straightforward. However, I wonder about 2. Should FreeIPA
Copr be in the business of building system selinux-policy for supported platforms?

I personally think it shouldn't as otherwise different Coprs enabled on a
system may clash with their system policies. I see 2 paths:

1) The better but very difficult one - for other platforms ship our own SELinux
policy with rules and changes that are missing in the oldest supported version
of the SELinux policy and that cause AVCs with latest upstream FreeIPA.

2) The worse but easy: Change selinux-policy Requires so that it matches the
oldest selinux-policy version and recommend people to run the Copr FreeIPA
version with permissive SELinux.

Thoughts?

Thank you.

-- 
Martin Kosek <mkosek at redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.



