[Freeipa-devel] [PATCH] 981 set httpd_manage_ipa
Rob Crittenden
rcritten at redhat.com
Thu Mar 15 01:53:46 UTC 2012
Alexander Bokovoy wrote:
> On Mon, 12 Mar 2012, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Alexander Bokovoy wrote:
>>>> On Mon, 12 Mar 2012, Rob Crittenden wrote:
>>>>> Alexander Bokovoy wrote:
>>>>>> On Wed, 07 Mar 2012, Rob Crittenden wrote:
>>>>>>
>>>>>>> Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
>>>>>>> enforcing mode.
>>>>>>>
>>>>>>> This is being done in the HTTP instance so we can set both booleans
>>>>>>> in one step and save a bit of time (it is still slow).
>>>>>> I would prefer all platform-specific manipulations of security
>>>>>> policies to be moved to platform-specific module.
>>>>>>
>>>>>> Make a HTTP class there (like I did dirsrv class in systemd
>>>>>> backend) and perform manipulations on service enable.
>>>>>>
>>>>>> This way main code will stay clear of platform-specific code.
>>>>>>
>>>>>> Sorry for not looking into the issue before.
>>>>>>
>>>>>
>>>>> I'd prefer to keep the change simple for now and do the big move post
>>>>> 2.2.
>>>> ACK on condition you'd file a ticket for the post 2.2 work.
>>>>
>>>> :)
>>>
>>> Filed this https://fedorahosted.org/freeipa/ticket/2519
>>>
>>> I found an issue with this patch that I need to address, will submit a
>>> replacement.
>>>
>>> rob
>>
>> Handle things better if a boolean doesn't exist.
> Lucky that setsebool takes multiple booleans at the same time...
> Maybe it would make sense to merge bools upon recover?
>
> Otherwise ACK.
>
pushed to master and ipa-2-2
More information about the Freeipa-devel
mailing list