URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB
tiran commented: """ Maybe it was required back then. 7, 8 years is a long time. Nowadays new files are created with correct context: ``` # rm -f /etc/ipa/nssdb/testfile # touch /etc/ipa/nssdb/testfile # ls -laZ /etc/ipa/nssdb/testfile -rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar 1 09:08 /etc/ipa/nssdb/testfile # restorecon /etc/ipa/nssdb/testfile # ls -laZ /etc/ipa/nssdb/testfile -rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar 1 09:08 /etc/ipa/nssdb/testfile ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/513#issuecomment-283285289
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code