Pavel's current code base tries to write to /var/cache/ipa/assets/ from
within httpd, which is forbidden by SELinux. I suspect the code in the
mainline might be doing this as well. The work around is:
chcon -R -t httpd_sys_content_rw_t /var/cache/ipa/assets
semanage fcontext -a -t httpd_sys_content_rw_t 'assets'
If we are going to do this kind of code generation, we might want to do
it at install time, or as part of something like
Freeipa-devel mailing list