[Freeipa-devel] [PATCH] 981 set httpd_manage_ipa

Alexander Bokovoy abokovoy at redhat.com
Mon Mar 12 21:58:15 UTC 2012


On Mon, 12 Mar 2012, Rob Crittenden wrote:
> Rob Crittenden wrote:
> >Alexander Bokovoy wrote:
> >>On Mon, 12 Mar 2012, Rob Crittenden wrote:
> >>>Alexander Bokovoy wrote:
> >>>>On Wed, 07 Mar 2012, Rob Crittenden wrote:
> >>>>
> >>>>>Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
> >>>>>enforcing mode.
> >>>>>
> >>>>>This is being done in the HTTP instance so we can set both booleans
> >>>>>in one step and save a bit of time (it is still slow).
> >>>>I would prefer all platform-specific manipulations of security
> >>>>policies to be moved to a platform-specific module.
> >>>>
> >>>>Make an HTTP class there (like I did the dirsrv class in the systemd
> >>>>backend) and perform manipulations on service enable.
> >>>>
> >>>>This way the main code will stay clear of platform-specific code.
> >>>>
> >>>>Sorry for not looking into the issue before.
> >>>>
> >>>
> >>>I'd prefer to keep the change simple for now and do the big move post
> >>>2.2.
> >>ACK on condition you'd file a ticket for the post 2.2 work.
> >>
> >>:)
> >
> >Filed this https://fedorahosted.org/freeipa/ticket/2519
> >
> >I found an issue with this patch that I need to address, will submit a
> >replacement.
> >
> >rob
> 
> Handle things better if a boolean doesn't exist.
Lucky that setsebool takes multiple booleans at the same time...
Maybe it would make sense to merge bools upon recover?

Otherwise ACK.

-- 
/ Alexander Bokovoy
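
The points raised in this thread (set the booleans in one slow `setsebool` call, cope with a boolean the loaded policy does not define, merge the saved values into one call on restore), sketched as an added example that is not part of the thread or of the FreeIPA patch. The function names, the injectable `run` parameter and the choice of `httpd_can_network_connect` as the second boolean are assumptions made for illustration.

```python
import subprocess

def read_sebool(name, run=subprocess.run):
    """Return 'on' or 'off', or None when the loaded policy does not define the boolean."""
    try:
        proc = run(["getsebool", name], capture_output=True, text=True)
    except OSError:  # getsebool is not installed (platform without SELinux tools)
        return None
    fields = proc.stdout.split()  # expected output: "<name> --> on|off"
    if proc.returncode != 0 or len(fields) < 3 or fields[1] != "-->":
        return None
    return fields[2] if fields[2] in ("on", "off") else None

def plan_enable(names, run=subprocess.run):
    """Plan ONE setsebool call covering every boolean that exists and is not already on.

    Returns (argv or None, backup of original values, names missing from the policy).
    """
    backup, missing = {}, []
    for name in names:
        state = read_sebool(name, run)
        if state is None:
            missing.append(name)   # report it, but do not let it fail the whole call
        elif state != "on":
            backup[name] = state   # remember the original value for uninstall
    argv = ["setsebool", "-P"] + [f"{n}=on" for n in backup] if backup else None
    return argv, backup, missing

def plan_restore(backup):
    """Merge all saved values into a single setsebool call for the restore path."""
    if not backup:
        return None
    return ["setsebool", "-P"] + [f"{n}={v}" for n, v in sorted(backup.items())]

if __name__ == "__main__":
    # Assumed pair of booleans; only httpd_manage_ipa is named in the thread.
    argv, backup, missing = plan_enable(["httpd_can_network_connect", "httpd_manage_ipa"])
    print("set:", argv, "restore:", plan_restore(backup), "missing:", missing)
```

Passing only the booleans that exist keeps one undefined name from failing the combined `setsebool -P` call, and recording only the values that actually change means the restore call never touches a boolean the administrator had already enabled.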



