URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB

tiran commented:
"""
Maybe it was required back then. 7, 8 years is a long time. Nowadays new files 
are created with correct context:

```
# rm -f /etc/ipa/nssdb/testfile
# touch /etc/ipa/nssdb/testfile
# ls -laZ /etc/ipa/nssdb/testfile 
-rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar  1 09:08 
/etc/ipa/nssdb/testfile
# restorecon /etc/ipa/nssdb/testfile 
# ls -laZ /etc/ipa/nssdb/testfile 
-rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar  1 09:08 
/etc/ipa/nssdb/testfile
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/513#issuecomment-283285289
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to