[Freeipa-devel] [PATCH] fix selinux configuration for httpd instance
Alexander Bokovoy
abokovoy at redhat.com
Thu Mar 22 13:22:56 UTC 2012
Hi,
attached patch fixes the problem I see with master (and ipa-2-2):
2012-03-22T10:58:34Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=true httpd_manage_ipa=true
2012-03-22T10:58:34Z DEBUG stdout=
2012-03-22T10:58:34Z DEBUG stderr=setsebool: illegal value true httpd_manage_ipa=true for boolean httpd_can_network_connect
--
/ Alexander Bokovoy
-------------- next part --------------
>From d56f6bda52212b6638c6d0189ecab09b72d8b104 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Thu, 22 Mar 2012 15:18:01 +0200
Subject: [PATCH] When changing multiple booleans with setsebool, pass each of
them separately.
Fixes SELinux configuration for ipa-server-install with selinux-policy 3.10.0-104.fc17.
---
ipaserver/install/httpinstance.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 60d5604..e46d4ed 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -129,8 +129,10 @@ class HTTPInstance(service.Service):
# together so it is speedier.
if vars:
bools = [var + "=true" for var in vars]
+ args = ["/usr/sbin/setsebool", "-P"]
+ args.extend(bools);
try:
- ipautil.run(["/usr/sbin/setsebool", "-P", ' '.join(bools)])
+ ipautil.run(args)
except:
self.print_msg(selinux_warning % dict(var=','.join(vars)))
--
1.7.9.3
More information about the Freeipa-devel
mailing list