[Freeipa-devel] [PATCH] 981 set httpd_manage_ipa
Rob Crittenden
rcritten at redhat.com
Mon Mar 12 15:08:30 UTC 2012
Alexander Bokovoy wrote:
> On Wed, 07 Mar 2012, Rob Crittenden wrote:
>
>> Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
>> enforcing mode.
>>
>> This is being done in the HTTP instance so we can set both booleans
>> in one step and save a bit of time (it is still slow).
> I would prefer all platform-specific manipulations of security
> policies to be moved to platform-specific module.
>
> Make a HTTP class there (like I did dirsrv class in systemd
> backend) and perform manipulations on service enable.
>
> This way main code will stay clear of platform-specific code.
>
> Sorry for not looking into the issue before.
>
I'd prefer to keep the change simple for now and do the big move post 2.2.
rob
More information about the Freeipa-devel
mailing list