Hello, I just rebuilt latest fixed pki-core&tomcat for our Copr (http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very close to having a functional repo for RHEL/CentOS 7.0.
With couple minor changes to the spec file, I was able to install FreeIPA 4.0.3 and it's dependencies to 7.0, ipa-server-install *almost* finished (client installation failed). I filed the remaining issues in https://fedorahosted.org/freeipa/ticket/4562 1. and 3, should be straightforward. However, I wonder about 2. Should FreeIPA Copr be in a business of building system selinux-policy for supported platforms? I personally think it shouldn't as otherwise different Coprs enabled on a system may clash with their system policies. I see 2 paths: 1) The better but very difficult one - for other platforms ship own SELinux policy with rules and changes that are missing in the oldest supported version SELinux policy and that cause AVCs with latest upstream FreeIPA. 2) The worse but easy: Change selinux-policy Requires so that it matches the oldest selinux-policy version and recommend people to run the Copr FreeIPA version with permissive SELinux. Thoughts? Thank you. -- Martin Kosek <mko...@redhat.com> Supervisor, Software Engineering - Identity Management Team Red Hat Inc. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
