On 01/08/13 11:55, Jakub Hrozek wrote: > On Tue, Jan 08, 2013 at 11:49:11AM -0900, Erinn Looney-Triggs wrote: >> On 01/08/13 11:44, Rob Crittenden wrote: >>> Simo Sorce wrote: >>>> On Tue, 2013-01-08 at 19:31 +0000, Steven Jones wrote: >>>>> HI, >>>>> >>>>> I assume RHEL 6.4 is GA shortly just how straigh forward is the >>>>> upgrade from one IPA version to another please? >>>>> regards >>>> >>>> Should just require an rpm upgrade and a restart and nothing else. >>>> >>>> Simo. >>>> >>> >>> If you have multiple servers you'll want to upgrade them one at a time >>> in a short period (days, not weeks). >>> >>> rob >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> Is this the release where SELinux mapping in IPA actually starts working? >> > > Yes (famous last words..) > >> If so that is definitely something to watch out for (I realize this is >> more of an SSSD thing, but still). If you aren't careful and you have >> your users mapped to something like guest_u, well the upgrade can be >> very inconvenient for them. >> >> -Erinn > > I realize that the SELinux mapping was very bad for users and I'm very > sorry I let it through. The SELinux support was pretty much completely > rewritten in 6.4, there are still things I'd like to improve but > functionality-wise, I closed the last known SELinux bug today. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users >
Eh, stuff breaks, it is the nature of the beast. I was one of the folks that submitted a bug, I know there was talk about putting out notes for the default SELinux user mapping etc. The only thing I would say is make some noise about this. It might be a good idea to send a note to freeipa-announce (which I think exists) and any place else pertinent too, because it was a rather painful learning experience when I was running as guest_u in Fedora 18, it was also pretty hard to diagnose because the utilities at that time didn't reflect what was happening. -Erinn
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
