On 07/17/2015 01:46 PM, Petr Vobornik wrote:
On 07/17/2015 01:44 PM, Alexander Bokovoy wrote:
On Fri, 17 Jul 2015, Martin Basti wrote:
From b05f4a2e17ae00e5c20e5eb7bd046472f100e0ad Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jul 2015 16:20:59 +0200
Subject: [PATCH] sysrestore: copy files instead of moving them to avoind
SELinux issues


Pushed to:
master: 9f701283534745bf93b41a1886183e9ef1d06566
ipa-4-2: 92a73e8b2a5f26744b036a36de4b9956e8883f61

Does it really fix the whole ticket?

There is also in freeipa.spec.in %post client (i.e. upgrade):

            cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
            mv /etc/krb5.conf.ipanew /etc/krb5.conf
            /sbin/restorecon /etc/krb5.conf

+ some others.

Between the mv and restorecon, SSSD tries to access the file and raises AVC.

In this case we can freely use mv -z since target platforms are Fedora and newest RHEL.
Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to