[Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage

Alexander Bokovoy abokovoy at redhat.com
Wed Jul 17 14:04:14 UTC 2013


On Wed, 17 Jul 2013, Martin Kosek wrote:
>Features of the new policy:
>- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>  writeable by PKI and readable by HTTPD
>- contains Conflicts with old freeipa-server-selinux package to avoid
>  SELinux upgrade issues
>
>https://fedorahosted.org/freeipa/ticket/3788
>
>----
>
>SELinux policy build is currently in koji:
>http://koji.fedoraproject.org/koji/buildinfo?buildID=434328
>
>bodhi update is planned to be done today as well. I tested both upgrade from
>stable F19 version and clean installs and both worked fine.
>
>I would like this patch to be included in upcoming FreeIPA 3.2.2 version.
>
>Martin

>From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
>From: Martin Kosek <mkosek at redhat.com>
>Date: Wed, 17 Jul 2013 12:13:50 +0200
>Subject: [PATCH] Require new selinux-policy replacing old server-selinux
> subpackage
>
>Features of the new policy:
>- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>  writeable by PKI and readable by HTTPD
>- contains Conflicts with old freeipa-server-selinux package to avoid
>  SELinux upgrade issues
>
>https://fedorahosted.org/freeipa/ticket/3788
>---
> freeipa.spec.in | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
>diff --git a/freeipa.spec.in b/freeipa.spec.in
>index f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc 100644
>--- a/freeipa.spec.in
>+++ b/freeipa.spec.in
>@@ -129,7 +129,7 @@ Requires: python-memcached
> Requires: systemd-units >= 38
> Requires(pre): systemd-units
> Requires(post): systemd-units
>-Requires: selinux-policy >= 3.11.1-86
>+Requires: selinux-policy >= 3.12.1-65
> Requires(post): selinux-policy-base
> Requires: slapi-nis >= 0.44
> Requires: pki-ca >= 10.0.2
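
Review bot: the new minimum in `Requires: selinux-policy >= 3.12.1-65` carries no comment in the spec saying why this version is needed, so a later rebase or backport could lower it without noticing that the pki_tomcat_cert_t label on /var/lib/ipa/pki-ca/publish depends on it. Suggest a one-line spec comment above the Requires that names ticket 3788. It is also worth confirming that the unversioned `Requires(post): selinux-policy-base` on the following line is sufficient, i.e. that nothing in the %post scriptlets needs the new policy to be in place before it runs.
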
>@@ -776,6 +776,10 @@ fi
> %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
> 
> %changelog
>+* Wed Jul 17 2013 Martin Kosek <mkosek at redhat.com> - 3.2.1-4
>+- Require selinux-policy 3.12.1-65 containing missing policy after removal of
>+  freeipa-server-selinux subpackage
>+
> * Tue Jul 16 2013 Martin Kosek <mkosek at redhat.com> - 3.2.1-3
> - Drop freeipa-server-selinux subpackage
> - Drop redundant directory /var/cache/ipa/sessions
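
Review bot: the changelog text "containing missing policy" does not say which policy is meant; name the label and path from the commit message (pki_tomcat_cert_t on /var/lib/ipa/pki-ca/publish) so the entry is useful without opening the ticket. The entry is also stamped 3.2.1-4, while the diffstat (5 insertions, 1 deletion) is fully accounted for by the Requires change and these four changelog lines, so nothing in this patch changes a release number; please confirm the release is set outside this file.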

ACK

-- 
/ Alexander Bokovoy
