[Freeipa-devel] [PATCH] install dies if selinux is disabled
Rob Crittenden
rcritten at redhat.com
Wed Oct 3 17:26:42 UTC 2007
William Jon McCann wrote:
> Hi,
>
> Tiny patch to fix the installer crashing if selinux is disabled. Also
> changes the exception to contain the complete command.
>
> FYI: the installer goes kinda wonky if you have run it multiple times
> and you don't apply this:
> https://bugzilla.redhat.com/show_bug.cgi?id=317071
>
> Perhaps we can make it more robust to dirsrv failing to start.
>
> Jon
Yeah, we've been working under the assumption that we're working on a
virginal machine which probably isn't the safest thing to do.
I think what we should do is look for any existing dirsrv instances and
punt if any are already installed. We aren't quite ready to support
importing the necessary configuration into an existing directory server
yet AFAIK. The idea is that one would install IPA, and then migrate to
it, rather than integrating IPA into an existing DS server.
There are some other appending issues too, such as the location of the
FDS keytab in /etc/sysconfig/dirsrv. Mine currently has 3 exports :-)
Rather than using a try/except I wonder if we should check the return
value of selinuxenabled and use that to determine whether we need to run
setsebool. Still, we should probably have a try/except around every
single call to run since it can throw an error.
Karl. Will this boolean get reset if someone does a relabels? Most of my
experience with SELinux is quite dated (back to RHEL-4).
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071003/225e33d5/attachment.bin>
More information about the Freeipa-devel
mailing list