Attached patch fixes an upgrade issue with mismatched SELinux labels
(see commit comment).
Fixes ticket #4815
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 221b644485e04ebaac8370167b449b2998bda9da Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Tue, 16 Dec 2014 14:47:42 -0500
Subject: [PATCH] Remove the removal of the ccache
It is not necessary to remove the ccache on upgrades on modern IPA
servers, even if the ccache contains stale data either it is re-initialized by
mod_auth_kerb or a new ccache collection is created (if completely unrelated
credentials were present), at least when using DIR or keyring ccaches.
This line causes wrong SELinux labels to be set in the kernel keyring on
uprades, which the cause the apache server to fail to use th ccache.
Fixes: #4815
---
install/tools/ipa-upgradeconfig | 1 -
1 file changed, 1 deletion(-)
mode change 100644 => 100755 install/tools/ipa-upgradeconfig
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
old mode 100644
new mode 100755
index c25ab5431fb39945aa4f7a4bfe55d77f3a1791db..71fe5195d7e8dc1f46b50bef40d08b205ff607fb
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1337,7 +1337,6 @@ def main():
fstore.restore_file(removed_sysconfig_file)
http = httpinstance.HTTPInstance(fstore)
- http.remove_httpd_ccache()
http.configure_selinux_for_httpd()
http.change_mod_nss_port_from_http()
--
2.1.0
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
