[Freeipa-devel] [PATCH] 0283-enable-proxy-for-dogtag
Adam Young
ayoung at redhat.com
Fri Aug 26 21:41:07 UTC 2011
On 08/26/2011 02:34 PM, Simo Sorce wrote:
> On Fri, 2011-08-26 at 14:03 -0400, Simo Sorce wrote:
>> On Fri, 2011-08-26 at 12:45 -0400, Adam Young wrote:
>>> On 08/25/2011 05:24 PM, Adam Young wrote:
>>>> Uses the updated version of pkicreate which makes an ipa specific
>>>> proxy config file.
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> The test for the proxy file in /etc/httpd/conf.d was "isfile' but
>>> since the file is actually a symlink, it needs to be "islink". This
>>> one checks for either.
>> Nack, install fails after configuring the http service.
>> Restart bails out
>>
>> using export SYSTEMCL_SKIP_REDIRECT=1 to get systemd out of the way (it
>> was suppressing the error output) I get an permission denied error
>> trying to open /etc/httpd/conf.d/proxy-ipa.conf
>> That's a symlink into /etc/pki-ca/proxy-ipa.conf which is a file owned
>> by pkiuser:pkiuser with permission 660 (therefore not readable by the
>> apache user).
> Ok it turns out permissions are not the real issue as the file is read
> while apache is till root, it's a selinux issue.
> Apache starts if I setenforce 0
>
> Still a NAck of course, it needs to work with selinux in enforcing mode
>
> Simo.
>
This version owns the proxy config file. It works with setenforce 0,
but does not work with SELinux, so, preemptive-nack. But I will be gone
for a week, so if someone wants to pick this up and run with it, start
from here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-admiyo-0283-5-enable-proxy-for-dogtag.patch
Type: text/x-patch
Size: 12540 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110826/6c4b455f/attachment.bin>
More information about the Freeipa-devel
mailing list