Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:

The checks make sure that SELinux is:
  - installed and enabled (on server install)
  - installed and enabled OR not installed (on client install)

Please note that client installs with SELinux not installed are
allowed since freeipa-client package has no dependency on SELinux.
(any objections to this approach?)

The (unsupported) option --allow-no-selinux has been added. It can
used to bypass the checks.

Parts of platform-dependant code were refactored to use newly added
is_selinux_enabled() function.


I forgot to edit the man pages. Thanks Rob!

Updated patch attached.


After a bit of off-line discussion I don't think we're quite ready yet to require SELinux by default on client installations (even with a flag to work around it). The feeling is this would be disruptive to existing automation.

Can you still do the check but not enforce it, simply display a big warning if SELinux is disabled?


Freeipa-devel mailing list

Reply via email to