On 09/24/2014 06:02 PM, thierry bordaz wrote:
On 08/15/2014 10:40 PM, Petr Viktorin wrote:
A fix for https://fedorahosted.org/freeipa/ticket/4157

This depends on my patches 0631-0632 (for backup/restore integration
tests).


Our setsebool code was repeated a few times. Instead of adding another
copy, I refactored what we have into a platform task.
I fixed two old setsebool tickets while I was at it:
https://fedorahosted.org/freeipa/ticket/2519
https://fedorahosted.org/freeipa/ticket/2934

Since ipaplatform should not depend on ipalib, and I needed a new
exception type, I added a new module, ipapython.errors. This might not
be the best name, since it could be confused with ipalib.errors.
Opinions welcome.


As for the second patch: ideally, rather than what I do with `if
'ADTRUST' in self.backup_services`, we'd get the list of booleans
directly from the *instance modules, or even tell the individual
services to restore themselves. But, that refactoring looks like too
much to do now.

Filed easyfix: https://fedorahosted.org/freeipa/ticket/4571


The first patch looks good to me. Just a minor comment. The test and run
of 'paths.SELINUXENABLED' is present several times in tasks.py and
fedora. Does it worth to refactor it ?

About the second patch, something I do not understand.
restore_selinux_booleans resets the selinux boolean to the values that
are taken from SELINUX_BOOLEAN_SETTINGS in the instance (http/ad) . Does
that mean this dict has been updated with the original values (using
'backup_func' in set_selinux_booleans ?).

This is restoring an IPA installation, not restoring the system to a pre-IPA state.
The settings need to be the same as if IPA was being installed.


--
PetrĀ³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to