[Freeipa-devel] [PATCH] Handle selinux failure

Rob Crittenden rcritten at redhat.com
Wed Oct 24 15:37:32 UTC 2007


Karl MacMillan wrote:
> # HG changeset patch
> # User "Karl MacMillan <kmacmill at redhat.com>"
> # Date 1193235029 14400
> # Node ID 9ff6cec98d764acbaefe915e0da63d29cd72cea1
> # Parent  d474654ca48ff4d36dffca6a94ac88ed0e441586
> Handle selinux failure
> 
> Ignore errors if setsebool fails and print a warning.
> 
> diff -r d474654ca48f -r 9ff6cec98d76 ipa-server/ipa-install/ipa-server-install
> --- a/ipa-server/ipa-install/ipa-server-install	Wed Oct 24 10:04:43 2007 -0400
> +++ b/ipa-server/ipa-install/ipa-server-install	Wed Oct 24 10:10:29 2007 -0400
> @@ -554,7 +554,16 @@ def main():
>  
>          if selinux:
>              # Allow apache to connect to the turbogears web gui
> -            run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
> +            # This can still fail even if selinux is enabled
> +            try:
> +                run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
> +            except:
> +                print "WARNING: could not set selinux boolean httpd_can_network_connect to true."
> +                print "The web interface may not function correctly until this boolean is"
> +                print "successfully change with the command:"
> +                print "   /usr/sbin/setsebool -P httpd_can_network_connect true"
> +                print "Try updating the policycoreutils and selinux-policy packages."
> +                pass
>  
>          # Start the web gui
>          run(["/sbin/service", "ipa-webgui", "start"])
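
Review bot: the bare `except:` wrapped around the setsebool call also catches KeyboardInterrupt and SystemExit, so interrupting the installer at this step would print the SELinux warning and carry on to start the web gui. Catch only the exception that run() raises when the command fails, and include its detail in the warning so the user can see why setsebool failed. The trailing `pass` is redundant after the print statements, and the message text should read "successfully changed".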

Um, shouldn't we just have some minimum required version? If we know a 
setup isn't going to work should we really let them proceed?

rob