[Freeipa-devel] [PATCH] 981 set httpd_manage_ipa
Rob Crittenden
rcritten at redhat.com
Mon Mar 12 21:51:43 UTC 2012
Rob Crittenden wrote:
> Alexander Bokovoy wrote:
>> On Mon, 12 Mar 2012, Rob Crittenden wrote:
>>> Alexander Bokovoy wrote:
>>>> On Wed, 07 Mar 2012, Rob Crittenden wrote:
>>>>
>>>>> Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
>>>>> enforcing mode.
>>>>>
>>>>> This is being done in the HTTP instance so we can set both booleans
>>>>> in one step and save a bit of time (it is still slow).
>>>> I would prefer all platform-specific manipulations of security
>>>> policies to be moved to platform-specific module.
>>>>
>>>> Make a HTTP class there (like I did dirsrv class in systemd
>>>> backend) and perform manipulations on service enable.
>>>>
>>>> This way main code will stay clear of platform-specific code.
>>>>
>>>> Sorry for not looking into the issue before.
>>>>
>>>
>>> I'd prefer to keep the change simple for now and do the big move post
>>> 2.2.
>> ACK on condition you'd file a ticket for the post 2.2 work.
>>
>> :)
>
> Filed this https://fedorahosted.org/freeipa/ticket/2519
>
> I found an issue with this patch that I need to address, will submit a
> replacement.
>
> rob
Handle things better if a boolean doesn't exist.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-981-2-selinux.patch
Type: text/x-diff
Size: 4611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120312/b77c56c5/attachment.bin>
More information about the Freeipa-devel
mailing list