URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
MartinBasti commented:
"""
master:
* a163ad77b3d12f2da2b135de29f594c06190b41a certdb: Don't restore_context() of
new NSSDB
"""
See the full comment at
https://github.com/freeipa/freeipa
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
MartinBasti commented:
"""
Ok, I agree
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/513#issuecomment-283285379
--
Manage your subscription for the Freeipa-devel ma
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
tiran commented:
"""
Maybe it was required back then. 7, 8 years is a long time. Nowadays new files
are created with correct context:
```
# rm -f /etc/ipa/nssdb/testfile
# touch /etc/ipa/
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
stlaz commented:
"""
I don't see how this could break anything given that it's been used like that
for ages prior to priv-sep patches.
"""
See the full comment at
https://github.com/free
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
MartinBasti commented:
"""
This is old code, initially added here 49b36583a50e7f542e0667f3e2432ab1aa63924e
But I failed to detect why restorecon call has been added for new databases.
LGT
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
tiran commented:
"""
I also dropped =1 check. http://man7.org/linux/man-pages/man2/chown.2.html
> If the owner or group is specified as -1, then that ID is not changed.
"""
See the full c