[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB
tiran
freeipa-github-notification at redhat.com
Wed Mar 1 09:11:39 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
tiran commented:
"""
Maybe it was required back then. 7, 8 years is a long time. Nowadays new files are created with correct context:
```
# rm -f /etc/ipa/nssdb/testfile
# touch /etc/ipa/nssdb/testfile
# ls -laZ /etc/ipa/nssdb/testfile
-rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar 1 09:08 /etc/ipa/nssdb/testfile
# restorecon /etc/ipa/nssdb/testfile
# ls -laZ /etc/ipa/nssdb/testfile
-rw-r--r--. 1 root root unconfined_u:object_r:cert_t:s0 0 Mar 1 09:08 /etc/ipa/nssdb/testfile
```
"""
See the full comment at https://github.com/freeipa/freeipa/pull/513#issuecomment-283285289
More information about the Freeipa-devel
mailing list