[Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts
Tomas Babej
tbabej at redhat.com
Mon Feb 4 16:55:50 UTC 2013
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
> Tomas Babej wrote:
>> On 01/30/2013 05:12 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> The checks make sure that SELinux is:
>>> - installed and enabled (on server install)
>>> - installed and enabled OR not installed (on client install)
>>>
>>> Please note that client installs with SELinux not installed are
>>> allowed since freeipa-client package has no dependency on SELinux.
>>> (any objections to this approach?)
>>>
>>> The (unsupported) option --allow-no-selinux has been added. It can
>>> used to bypass the checks.
>>>
>>> Parts of platform-dependant code were refactored to use newly added
>>> is_selinux_enabled() function.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3359
>>>
>>> Tomas
>>
>> I forgot to edit the man pages. Thanks Rob!
>>
>> Updated patch attached.
>>
>> Tomas
>
> After a bit of off-line discussion I don't think we're quite ready yet
> to require SELinux by default on client installations (even with a
> flag to work around it). The feeling is this would be disruptive to
> existing automation.
>
> Can you still do the check but not enforce it, simply display a big
> warning if SELinux is disabled?
>
> rob
>
Sure, here is the updated patch.
I edited the commit message, RFE description and man pages according to
the new behaviour.
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0027-3-Add-checks-for-SELinux-in-install-scripts.patch
Type: text/x-patch
Size: 13788 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130204/87c8eb15/attachment.bin>
More information about the Freeipa-devel
mailing list