Re: [Freeipa-devel] [PATCH] 261 Many SELinux fixes
On Fri, 2009-08-28 at 18:06 -0400, Rob Crittenden wrote: The ldapi code I committed yesterday didn't work with SELinux enabled. This patch addresses that. ACK, although the same question as for the other patch wrt initrd_t context for the socket remains. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 261 Many SELinux fixes
The ldapi code I committed yesterday didn't work with SELinux enabled. This patch addresses that. On Python 2.5+ systems the mgmt framework didn't work with SELinux enabled because of the ctypes module. It does all sorts of crazy stuff which makes SELinux absolutely freak out (it tries to execute things in /tmp, for example). This is used by uuid but we have our own local copy any because this isn't included in Python 2.4. ctypes is optional anyway so just disable it. Finally have to disable the SELinux rules for dogtag CRL file publishing. The module would blow up if you don't have dogtag installed. Need to find another way. Disabling for now so the server can once again work in enforcing mode. rob freeipa-261-selinux.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel