[Freeipa-devel] [PATCH 477] spec file: Add Requires(pre) on selinux-policy
Jan Pazdziora
jpazdziora at redhat.com
Wed Aug 26 08:15:16 UTC 2015
On Tue, Aug 25, 2015 at 02:18:29PM +0200, Jan Cholasta wrote:
> Hi,
>
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5256>.
>
> Honza
>
> --
> Jan Cholasta
> From 216be8de30747f80f490d4e91a7cca4af3e767d6 Mon Sep 17 00:00:00 2001
> From: Jan Cholasta <jcholast at redhat.com>
> Date: Tue, 25 Aug 2015 14:14:25 +0200
> Subject: [PATCH] spec file: Add Requires(pre) on selinux-policy
>
> This prevents ipa-server-upgrade failures on SELinux AVCs because of old
> selinux-policy version.
>
> https://fedorahosted.org/freeipa/ticket/5256
> ---
> freeipa.spec.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/freeipa.spec.in b/freeipa.spec.in
> index cba91fe..fd73cda 100644
> --- a/freeipa.spec.in
> +++ b/freeipa.spec.in
> @@ -139,6 +139,7 @@ Requires: systemd-units >= 38
> Requires(pre): shadow-utils
> Requires(pre): systemd-units
> Requires(post): systemd-units
> +Requires(pre): selinux-policy >= %{selinux_policy_version}
What is the core issue with
https://fedorahosted.org/freeipa/ticket/5256
? I undestand that we need new selinux-policy, but what does that
policy change?
I ask because if it's about labelling of files installed by rpm, the
(pre) might not help because rpm did not reload the file contexts
mid-transaction
https://bugzilla.redhat.com/show_bug.cgi?id=505066#c9
and I'm not sure things have changed since RHEL 5.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-devel
mailing list