Re: [Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage

2013-07-17 Thread Martin Kosek
On 07/17/2013 04:04 PM, Alexander Bokovoy wrote:
> On Wed, 17 Jul 2013, Martin Kosek wrote:
>> Features of the new policy:
>> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>>  writeable by PKI and readable by HTTPD
>> - contains Conflicts with old freeipa-server-selinux package to avoid
>>  SELinux upgrade issues
>>
>> https://fedorahosted.org/freeipa/ticket/3788
>>
>> 
>>
>> SELinux policy build is currently in koji:
>> http://koji.fedoraproject.org/koji/buildinfo?buildID=434328
>>
>> bodhi update is planned to be done today as well. I tested both upgrade from
>> stable F19 version and clean installs and both worked fine.
>>
>> I would like this patch to be included in upcoming FreeIPA 3.2.2 version.
>>
>> Martin
> 
>> From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
>> From: Martin Kosek 
>> Date: Wed, 17 Jul 2013 12:13:50 +0200
>> Subject: [PATCH] Require new selinux-policy replacing old server-selinux
>> subpackage
>>
>> Features of the new policy:
>> - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
>>  writeable by PKI and readable by HTTPD
>> - contains Conflicts with old freeipa-server-selinux package to avoid
>>  SELinux upgrade issues
>>
>> https://fedorahosted.org/freeipa/ticket/3788
>> ---
>> freeipa.spec.in | 6 +-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/freeipa.spec.in b/freeipa.spec.in
>> index
>> f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc
>> 100644
>> --- a/freeipa.spec.in
>> +++ b/freeipa.spec.in
>> @@ -129,7 +129,7 @@ Requires: python-memcached
>> Requires: systemd-units >= 38
>> Requires(pre): systemd-units
>> Requires(post): systemd-units
>> -Requires: selinux-policy >= 3.11.1-86
>> +Requires: selinux-policy >= 3.12.1-65
>> Requires(post): selinux-policy-base
>> Requires: slapi-nis >= 0.44
>> Requires: pki-ca >= 10.0.2
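Review bot: Nothing beside the changed "Requires: selinux-policy >= 3.12.1-65" line records why the floor is that particular build. A one-line spec comment above it, naming what the dependency supplies (the policy that used to ship in the server-selinux subpackage, per the Subject) and ticket 3788, would keep a later cleanup from relaxing the version without knowing what it protects.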
>> @@ -776,6 +776,10 @@ fi
>> %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
>>
>> %changelog
>> +* Wed Jul 17 2013 Martin Kosek  - 3.2.1-4
>> +- Require selinux-policy 3.12.1-65 containing missing policy after removal 
>> of
>> +  freeipa-server-selinux subpackage
>> +
>> * Tue Jul 16 2013 Martin Kosek  - 3.2.1-3
>> - Drop freeipa-server-selinux subpackage
>> - Drop redundant directory /var/cache/ipa/sessions
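Review bot: The added changelog entry is stamped 3.2.1-4, yet the diffstat's 5 insertions and 1 deletion are fully accounted for by the Requires change and these changelog lines, so no release field is touched by this patch. Worth confirming that the build takes its release number from somewhere other than a line in this file; otherwise the changelog may end up one entry ahead of the package that is actually built.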
> 
> ACK
> 

Pushed to master (rebased), ipa-3-2.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage

2013-07-17 Thread Alexander Bokovoy

On Wed, 17 Jul 2013, Martin Kosek wrote:

Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
 writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
 SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788



SELinux policy build is currently in koji:
http://koji.fedoraproject.org/koji/buildinfo?buildID=434328

bodhi update is planned to be done today as well. I tested both upgrade from
stable F19 version and clean installs and both worked fine.

I would like this patch to be included in upcoming FreeIPA 3.2.2 version.

Martin



From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
From: Martin Kosek 
Date: Wed, 17 Jul 2013 12:13:50 +0200
Subject: [PATCH] Require new selinux-policy replacing old server-selinux
subpackage

Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
 writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
 SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788
---
freeipa.spec.in | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -129,7 +129,7 @@ Requires: python-memcached
Requires: systemd-units >= 38
Requires(pre): systemd-units
Requires(post): systemd-units
-Requires: selinux-policy >= 3.11.1-86
+Requires: selinux-policy >= 3.12.1-65
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.44
Requires: pki-ca >= 10.0.2
@@ -776,6 +776,10 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt

%changelog
+* Wed Jul 17 2013 Martin Kosek  - 3.2.1-4
+- Require selinux-policy 3.12.1-65 containing missing policy after removal of
+  freeipa-server-selinux subpackage
+
* Tue Jul 16 2013 Martin Kosek  - 3.2.1-3
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions


ACK

--
/ Alexander Bokovoy



[Freeipa-devel] [PATCH] 414 Require new selinux-policy replacing old server-selinux subpackage

2013-07-17 Thread Martin Kosek
Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
  writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
  SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788



SELinux policy build is currently in koji:
http://koji.fedoraproject.org/koji/buildinfo?buildID=434328

bodhi update is planned to be done today as well. I tested both upgrade from
stable F19 version and clean installs and both worked fine.

I would like this patch to be included in upcoming FreeIPA 3.2.2 version.

Martin
From e0ad6af118eacf06c32f870106dc3d6159adcc66 Mon Sep 17 00:00:00 2001
From: Martin Kosek 
Date: Wed, 17 Jul 2013 12:13:50 +0200
Subject: [PATCH] Require new selinux-policy replacing old server-selinux
 subpackage

Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
  writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
  SELinux upgrade issues

https://fedorahosted.org/freeipa/ticket/3788
---
 freeipa.spec.in | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index f0f1fc6a266847e1d99a895605ed6084f080b7d4..b45525996e8b0e00397e975dc93a46bd4928bdbc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -129,7 +129,7 @@ Requires: python-memcached
 Requires: systemd-units >= 38
 Requires(pre): systemd-units
 Requires(post): systemd-units
-Requires: selinux-policy >= 3.11.1-86
+Requires: selinux-policy >= 3.12.1-65
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.44
 Requires: pki-ca >= 10.0.2
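Review bot: The new minimum version is placed only on the plain "Requires: selinux-policy" line, while "Requires(post): selinux-policy-base" directly below it stays unversioned. If any %post step relies on the pki_tomcat_cert_t labelling of /var/lib/ipa/pki-ca/publish described in the commit message, the scriptlet-time dependency does not express that minimum. Consider adding a versioned Requires(post) as well, or stating in the commit message that no scriptlet depends on the new policy.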
@@ -776,6 +776,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Wed Jul 17 2013 Martin Kosek  - 3.2.1-4
+- Require selinux-policy 3.12.1-65 containing missing policy after removal of
+  freeipa-server-selinux subpackage
+
 * Tue Jul 16 2013 Martin Kosek  - 3.2.1-3
 - Drop freeipa-server-selinux subpackage
 - Drop redundant directory /var/cache/ipa/sessions
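Review bot: The changelog entry added for 3.2.1-4 says only "missing policy" and does not say which policy was missing or cite the ticket. The commit message already has both, the pki_tomcat_cert_t label on /var/lib/ipa/pki-ca/publish and ticket 3788. Suggest carrying them into the entry so the reason for the 3.12.1-65 floor can be read from the package changelog alone.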
-- 
1.8.1.4
