freeipa-server-selinux was getting installed before freeipa-server which caused some SELinux contexts to not be set properly.

The existing Requires we had used to fix things, perhaps a change in rpm caused this to break, who knows. I'm not even sure when this stopped working.

I added an extra postun rule so that the server-selinux package is removed as a dependency when you do a yum erase freeipa-python.

>From f17f96510a07b360e189b305b01536d3bfe21ee7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <>
Date: Thu, 15 Sep 2011 15:57:41 -0400
Subject: [PATCH] Change the Requires for the server and server-selinux for proper order

The server package needs to be installed before the server-selinux
package otherwise the SELinux contexts won't get set properly.

The (postun) is so you can continue to do yum erase freeipa-python
and it will pick up everything else.
--- |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ b/
index 940b009..d4f3ac6 100644
--- a/
+++ b/
@@ -84,7 +84,7 @@ Group: System Environment/Base
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
-Requires(post): %{name}-server-selinux = %{version}-%{release}
+Requires: %{name}-server-selinux = %{version}-%{release}
 Requires(pre): 389-ds-base >=
 Requires: openldap-clients
 Requires: nss
@@ -144,7 +144,8 @@ this package).
 %package server-selinux
 Summary: SELinux rules for freeipa-server daemons
 Group: System Environment/Base
-Requires: %{name}-server = %{version}-%{release}
+Requires(post): %{name}-server = %{version}-%{release}
+Requires(postun): %{name}-server = %{version}-%{release}
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
 Obsoletes: ipa-server-selinux >= 1.0

Freeipa-devel mailing list

Reply via email to