[Freeipa-devel] [PATCH] 1019 require policycoreutils if SELinux is enabled
Martin Kosek
mkosek at redhat.com
Thu May 31 12:18:00 UTC 2012
On Wed, 2012-05-30 at 17:47 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2012-05-29 at 16:50 -0400, Rob Crittenden wrote:
> >> Martin Kosek wrote:
> >>> On Fri, 2012-05-18 at 11:53 -0400, Rob Crittenden wrote:
> >>>> We don't have an explicit requires on the policycoreutils package in the
> >>>> client because SELinux is not required (just recommended).
> >>>>
> >>>> SELinux can be enabled without this package so check for that condition
> >>>> and don't allow installation if it is the case. The resulting install
> >>>> will be rather broken.
> >>>>
> >>>> Also check on the server when installing. This should never happen but
> >>>> in theory it could do the server install then fail in the client because
> >>>> of this.
> >>>>
> >>>> rob
> >>>
> >>> This works fine. I am just thinking if we should not rather use paths
> >>> in /usr/ for the check if a binary exists, i.e. check
> >>> for /usr/sbin/restorecon instead of /sbin/restorecon on Fedora.
> >>>
> >>> If we don't do this we need to be sure that the /sbin -> /usr/sbin
> >>> symlink created during UsrMove will stay on the system.
> >>>
> >>> Martin
> >>>
> >>
> >> Ok, that makes sense. Updated patch.
> >>
> >> rob
> >
> > I think I was not entirely clear - the path /usr/sbin/restorecon shall
> > be used for redhat platform only. UsrMove was done only in Fedora, IIRC,
> > in RHEL 6.x /usr/sbin/restorecon is not a valid path to restorecon (I
> > don't have my RHEL 6.x VM ready ATM) and the check would always fail on
> > RHEL 6.x systems. Bottomline is that we may want to use a different path
> > to the binary on redhat and fedora16 platform.
> >
> > I also think it would be useful to put the path to the binary to global
> > constant, so that it is not repeated so many items over the platform
> > files, i.e. something like that:
> >
> > ipapython/platform/redhat.py:
> > RESTORECON_PATH='/sbin/restorecon'
> > ...
> >
> > ipapython/platform/fedora16.py:
> > RESTORECON_PATH='/usr/sbin/restorecon'
> > ...
> >
> > Martin
>
> Ok, now I see what you were getting at. This should achieve it.
>
> Can't do per-file variables like this as the one in redhat.py will
> always win.
>
> rob
That's OK, ACK. Rebased and pushed to master.
Martin
More information about the Freeipa-devel
mailing list