Hi,

attached patch fixes the problem I see with master (and ipa-2-2):

2012-03-22T10:58:34Z DEBUG args=/usr/sbin/setsebool -P 
httpd_can_network_connect=true httpd_manage_ipa=true
2012-03-22T10:58:34Z DEBUG stdout=
2012-03-22T10:58:34Z DEBUG stderr=setsebool: illegal value true 
httpd_manage_ipa=true for boolean httpd_can_network_connect

--
/ Alexander Bokovoy
>From d56f6bda52212b6638c6d0189ecab09b72d8b104 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Thu, 22 Mar 2012 15:18:01 +0200
Subject: [PATCH] When changing multiple booleans with setsebool, pass each of
 them separately.

Fixes SELinux configuration for ipa-server-install with selinux-policy 
3.10.0-104.fc17.
---
 ipaserver/install/httpinstance.py |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/httpinstance.py 
b/ipaserver/install/httpinstance.py
index 60d5604..e46d4ed 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -129,8 +129,10 @@ class HTTPInstance(service.Service):
             # together so it is speedier.
             if vars:
                 bools = [var + "=true" for var in vars]
+                args = ["/usr/sbin/setsebool", "-P"]
+                args.extend(bools);
                 try:
-                    ipautil.run(["/usr/sbin/setsebool", "-P", ' '.join(bools)])
+                    ipautil.run(args)
                 except:
                     self.print_msg(selinux_warning % dict(var=','.join(vars)))
 
-- 
1.7.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to