On 01/08/13 11:55, Jakub Hrozek wrote:
> On Tue, Jan 08, 2013 at 11:49:11AM -0900, Erinn Looney-Triggs wrote:
>> On 01/08/13 11:44, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> On Tue, 2013-01-08 at 19:31 +0000, Steven Jones wrote:
>>>>> HI,
>>>>>
>>>>> I assume RHEL 6.4 is GA shortly just how straigh forward is the
>>>>> upgrade from one IPA version to another please?
>>>>> regards
>>>>
>>>> Should just require an rpm upgrade and a restart and nothing else.
>>>>
>>>> Simo.
>>>>
>>>
>>> If you have multiple servers you'll want to upgrade them one at a time
>>> in a short period (days, not weeks).
>>>
>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> Is this the release where SELinux mapping in IPA actually starts working?
>>
> 
> Yes (famous last words..)
> 
>> If so that is definitely something to watch out for (I realize this is
>> more of an SSSD thing, but still). If you aren't careful and you have
>> your users mapped to something like guest_u, well the upgrade can be
>> very inconvenient for them.
>>
>> -Erinn
> 
> I realize that the SELinux mapping was very bad for users and I'm very
> sorry I let it through. The SELinux support was pretty much completely
> rewritten in 6.4, there are still things I'd like to improve but
> functionality-wise, I closed the last known SELinux bug today.
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

Eh, stuff breaks, it is the nature of the beast.

I was one of the folks that submitted a bug, I know there was talk about
putting out notes for the default SELinux user mapping etc. The only
thing I would say is make some noise about this. It might be a good idea
to send a note to freeipa-announce (which I think exists) and any place
else pertinent too, because it was a rather painful learning experience
when I was running as guest_u in Fedora 18, it was also pretty hard to
diagnose because the utilities at that time didn't reflect what was
happening.

-Erinn


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to