Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
  writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
  SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788

----

SELinux policy build is currently in koji:
http://koji.fedoraproject.org/koji/buildinfo?buildID=434328

bodhi update is planned to be done today as well. I tested both upgrade from
stable F19 version and clean installs and both worked fine.

I would like this patch to be included in upcoming FreeIPA 3.2.2 version.

Martin
From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Wed, 17 Jul 2013 12:13:50 +0200
Subject: [PATCH] Require new selinux-policy replacing old server-selinux
 subpackage

Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
  writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
  SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788
---
 freeipa.spec.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -129,7 +129,7 @@ Requires: python-memcached
 Requires: systemd-units >= 38
 Requires(pre): systemd-units
 Requires(post): systemd-units
-Requires: selinux-policy >= 3.11.1-86
+Requires: selinux-policy >= 3.12.1-65
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.44
 Requires: pki-ca >= 10.0.2
@@ -776,6 +776,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Wed Jul 17 2013 Martin Kosek <mko...@redhat.com> - 3.2.1-4
+- Require selinux-policy 3.12.1-65 containing missing policy after removal of
+  freeipa-server-selinux subpackage
+
 * Tue Jul 16 2013 Martin Kosek <mko...@redhat.com> - 3.2.1-3
 - Drop freeipa-server-selinux subpackage
 - Drop redundant directory /var/cache/ipa/sessions
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to