[Freeipa-devel] [PATCH] 1019 require policycoreutils if SELinux is enabled

Rob Crittenden rcritten at redhat.com
Wed May 30 21:47:35 UTC 2012


Martin Kosek wrote:
> On Tue, 2012-05-29 at 16:50 -0400, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On Fri, 2012-05-18 at 11:53 -0400, Rob Crittenden wrote:
>>>> We don't have an explicit requires on the policycoreutils package in the
>>>> client because SELinux is not required (just recommended).
>>>>
>>>> SELinux can be enabled without this package so check for that condition
>>>> and don't allow installation if it is the case. The resulting install
>>>> will be rather broken.
>>>>
>>>> Also check on the server when installing. This should never happen but
>>>> in theory it could do the server install then fail in the client because
>>>> of this.
>>>>
>>>> rob
>>>
>>> This works fine. I am just thinking if we should not rather use paths
>>> in /usr/ for the check if a binary exists, i.e. check
>>> for /usr/sbin/restorecon instead of /sbin/restorecon on Fedora.
>>>
>>> If we don't do this we need to be sure that the /sbin -> /usr/sbin
>>> symlink created during UsrMove will stay on the system.
>>>
>>> Martin
>>>
>>
>> Ok, that makes sense. Updated patch.
>>
>> rob
>
> I think I was not entirely clear - the path /usr/sbin/restorecon shall
> be used for redhat platform only. UsrMove was done only in Fedora, IIRC,
> in RHEL 6.x /usr/sbin/restorecon is not a valid path to restorecon (I
> don't have my RHEL 6.x VM ready ATM) and the check would always fail on
> RHEL 6.x systems. Bottom line is that we may want to use a different path
> to the binary on redhat and fedora16 platform.
>
> I also think it would be useful to put the path to the binary to global
> constant, so that it is not repeated so many times over the platform
> files, i.e. something like that:
>
> ipapython/platform/redhat.py:
> RESTORECON_PATH='/sbin/restorecon'
> ...
>
> ipapython/platform/fedora16.py:
> RESTORECON_PATH='/usr/sbin/restorecon'
> ...
>
> Martin

Ok, now I see what you were getting at. This should achieve it.

Can't do per-file variables like this as the one in redhat.py will 
always win.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1019-5-selinux.patch
Type: text/x-diff
Size: 17113 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120530/609c868f/attachment.bin>
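
The install-time check discussed in this thread, sketched as an added example that is not taken from the attached patch or from FreeIPA's code. The function names are hypothetical, detecting SELinux through the selinuxfs `enforce` file is an assumption, and the two restorecon paths are the ones named in the thread.

```python
import os
import tempfile

# Paths named in the thread: /usr/sbin (Fedora after UsrMove), /sbin (RHEL 6.x).
RESTORECON_CANDIDATES = ("/usr/sbin/restorecon", "/sbin/restorecon")
# Assumption: an 'enforce' file under a selinuxfs mount means SELinux is enabled.
SELINUXFS_MOUNTS = ("/sys/fs/selinux", "/selinux")


def under_root(root, path):
    """Map an absolute path into an alternate root (lets the check run on a test tree)."""
    return os.path.join(root, path.lstrip("/"))


def selinux_enabled(root="/"):
    return any(os.path.exists(under_root(root, m + "/enforce"))
               for m in SELINUXFS_MOUNTS)


def find_restorecon(root="/"):
    """Return the first candidate that is an executable file, or None."""
    for cand in RESTORECON_CANDIDATES:
        full = under_root(root, cand)
        if os.path.isfile(full) and os.access(full, os.X_OK):
            return cand
    return None


def check_selinux_prereq(root="/"):
    """Return (ok, message); ok is False only when SELinux is on and restorecon is absent."""
    if not selinux_enabled(root):
        return True, "SELinux disabled; restorecon not needed"
    path = find_restorecon(root)
    if path is None:
        return False, "SELinux is enabled but restorecon is missing; install policycoreutils"
    return True, "using " + path


def make_fake_root(selinux, restorecon_at=None):
    """Build a constructed directory tree standing in for a host filesystem."""
    root = tempfile.mkdtemp()
    if selinux:
        os.makedirs(under_root(root, "/sys/fs/selinux"))
        open(under_root(root, "/sys/fs/selinux/enforce"), "w").close()
    if restorecon_at:
        full = under_root(root, restorecon_at)
        os.makedirs(os.path.dirname(full))
        with open(full, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(full, 0o755)
    return root
```

Probing both locations at run time avoids depending on the /sbin -> /usr/sbin symlink; it is a different approach from the per-platform constant proposed above.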

