[Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage
Martin Kosek
mkosek at redhat.com
Wed Jul 17 14:28:16 UTC 2013
On 07/17/2013 04:04 PM, Alexander Bokovoy wrote:
> On Wed, 17 Jul 2013, Martin Kosek wrote:
>> Features of the new policy:
>> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>> writeable by PKI and readable by HTTPD
>> - contains Conflicts with old freeipa-server-selinux package to avoid
>> SELinux upgrade issues
>>
>> https://fedorahosted.org/freeipa/ticket/3788
>>
>> ----
>>
>> SELinux policy build is currently in koji:
>> http://koji.fedoraproject.org/koji/buildinfo?buildID=434328
>>
>> bodhi update is planned to be done today as well. I tested both upgrade from
>> stable F19 version and clean installs and both worked fine.
>>
>> I would like this patch to be included in upcoming FreeIPA 3.2.2 version.
>>
>> Martin
>
>> From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
>> From: Martin Kosek <mkosek at redhat.com>
>> Date: Wed, 17 Jul 2013 12:13:50 +0200
>> Subject: [PATCH] Require new selinux-policy replacing old server-selinux
>> subpackage
>>
>> Features of the new policy:
>> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>> writeable by PKI and readable by HTTPD
>> - contains Conflicts with old freeipa-server-selinux package to avoid
>> SELinux upgrade issues
>>
>> https://fedorahosted.org/freeipa/ticket/3788
>> ---
>> freeipa.spec.in | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/freeipa.spec.in b/freeipa.spec.in
>> index
>> f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc
>> 100644
>> --- a/freeipa.spec.in
>> +++ b/freeipa.spec.in
>> @@ -129,7 +129,7 @@ Requires: python-memcached
>> Requires: systemd-units >= 38
>> Requires(pre): systemd-units
>> Requires(post): systemd-units
>> -Requires: selinux-policy >= 3.11.1-86
>> +Requires: selinux-policy >= 3.12.1-65
>> Requires(post): selinux-policy-base
>> Requires: slapi-nis >= 0.44
>> Requires: pki-ca >= 10.0.2
>> @@ -776,6 +776,10 @@ fi
>> %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
>>
>> %changelog
>> +* Wed Jul 17 2013 Martin Kosek <mkosek at redhat.com> - 3.2.1-4
>> +- Require selinux-policy 3.12.1-65 containing missing policy after removal of
>> + freeipa-server-selinux subpackage
>> +
>> * Tue Jul 16 2013 Martin Kosek <mkosek at redhat.com> - 3.2.1-3
>> - Drop freeipa-server-selinux subpackage
>> - Drop redundant directory /var/cache/ipa/sessions
>
> ACK
>
Pushed to master (rebased), ipa-3-2.
Martin
More information about the Freeipa-devel
mailing list