Re: [Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage
On 07/17/2013 04:04 PM, Alexander Bokovoy wrote: > On Wed, 17 Jul 2013, Martin Kosek wrote: >> Features of the new policy: >> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is >> writeable by PKI and readable by HTTPD >> - contains Conflicts with old freeipa-server-selinux package to avoid >> SELinux upgrade issues >> >> https://fedorahosted.org/freeipa/ticket/3788 >> >> >> >> SELinux policy build is currently in koji: >> http://koji.fedoraproject.org/koji/buildinfo?buildID=434328 >> >> bodhi update is planned to be done today as well. I tested both upgrade from >> stable F19 version and clean installs and both worked fine. >> >> I would like this patch to be included in upcoming FreeIPA 3.2.2 version. >> >> Martin > >> From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001 >> From: Martin Kosek >> Date: Wed, 17 Jul 2013 12:13:50 +0200 >> Subject: [PATCH] Require new selinux-policy replacing old server-selinux >> subpackage >> >> Features of the new policy: >> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is >> writeable by PKI and readable by HTTPD >> - contains Conflicts with old freeipa-server-selinux package to avoid >> SELinux upgrade issues >> >> https://fedorahosted.org/freeipa/ticket/3788 >> --- >> freeipa.spec.in | 6 +- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/freeipa.spec.in b/freeipa.spec.in >> index >> f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc >> 100644 >> --- a/freeipa.spec.in >> +++ b/freeipa.spec.in >> @@ -129,7 +129,7 @@ Requires: python-memcached >> Requires: systemd-units >= 38 >> Requires(pre): systemd-units >> Requires(post): systemd-units >> -Requires: selinux-policy >= 3.11.1-86 >> +Requires: selinux-policy >= 3.12.1-65 >> Requires(post): selinux-policy-base >> Requires: slapi-nis >= 0.44 >> Requires: pki-ca >= 10.0.2 >> @@ -776,6 +776,10 @@ fi >> %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt >> >> %changelog >> +* Wed Jul 17 2013 Martin Kosek - 3.2.1-4 >> +- Require selinux-policy 3.12.1-65 containing missing policy after removal >> of >> + freeipa-server-selinux subpackage >> + >> * Tue Jul 16 2013 Martin Kosek - 3.2.1-3 >> - Drop freeipa-server-selinux subpackage >> - Drop redundant directory /var/cache/ipa/sessions > > ACK > Pushed to master (rebased), ipa-3-2. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage
On Wed, 17 Jul 2013, Martin Kosek wrote: Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788 SELinux policy build is currently in koji: http://koji.fedoraproject.org/koji/buildinfo?buildID=434328 bodhi update is planned to be done today as well. I tested both upgrade from stable F19 version and clean installs and both worked fine. I would like this patch to be included in upcoming FreeIPA 3.2.2 version. Martin From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 17 Jul 2013 12:13:50 +0200 Subject: [PATCH] Require new selinux-policy replacing old server-selinux subpackage Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788 --- freeipa.spec.in | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -129,7 +129,7 @@ Requires: python-memcached Requires: systemd-units >= 38 Requires(pre): systemd-units Requires(post): systemd-units -Requires: selinux-policy >= 3.11.1-86 +Requires: selinux-policy >= 3.12.1-65 Requires(post): selinux-policy-base Requires: slapi-nis >= 0.44 Requires: pki-ca >= 10.0.2 @@ -776,6 +776,10 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Wed Jul 17 2013 Martin Kosek - 3.2.1-4 +- Require selinux-policy 3.12.1-65 containing missing policy after removal of + freeipa-server-selinux subpackage + * Tue Jul 16 2013 Martin Kosek - 3.2.1-3 - Drop freeipa-server-selinux subpackage - Drop redundant directory /var/cache/ipa/sessions ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage
Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788 SELinux policy build is currently in koji: http://koji.fedoraproject.org/koji/buildinfo?buildID=434328 bodhi update is planned to be done today as well. I tested both upgrade from stable F19 version and clean installs and both worked fine. I would like this patch to be included in upcoming FreeIPA 3.2.2 version. Martin From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 17 Jul 2013 12:13:50 +0200 Subject: [PATCH] Require new selinux-policy replacing old server-selinux subpackage Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788 --- freeipa.spec.in | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -129,7 +129,7 @@ Requires: python-memcached Requires: systemd-units >= 38 Requires(pre): systemd-units Requires(post): systemd-units -Requires: selinux-policy >= 3.11.1-86 +Requires: selinux-policy >= 3.12.1-65 Requires(post): selinux-policy-base Requires: slapi-nis >= 0.44 Requires: pki-ca >= 10.0.2 @@ -776,6 +776,10 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Wed Jul 17 2013 Martin Kosek - 3.2.1-4 +- Require selinux-policy 3.12.1-65 containing missing policy after removal of + freeipa-server-selinux subpackage + * Tue Jul 16 2013 Martin Kosek - 3.2.1-3 - Drop freeipa-server-selinux subpackage - Drop redundant directory /var/cache/ipa/sessions -- 1.8.1.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel