Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,

The checks make sure that SELinux is:
  - installed and enabled (on server install)
  - installed and enabled OR not installed (on client install)

Please note that client installs with SELinux not installed are
allowed since freeipa-client package has no dependency on SELinux.
(any objections to this approach?)

The (unsupported) option --allow-no-selinux has been added. It can
used to bypass the checks.

Parts of platform-dependant code were refactored to use newly added
is_selinux_enabled() function.

https://fedorahosted.org/freeipa/ticket/3359

Tomas

I forgot to edit the man pages. Thanks Rob!

Updated patch attached.

Tomas

After a bit of off-line discussion I don't think we're quite ready yet to require SELinux by default on client installations (even with a flag to work around it). The feeling is this would be disruptive to existing automation.

Can you still do the check but not enforce it, simply display a big warning if SELinux is disabled?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to