[Freeipa-devel] [PATCHES] 0633-0634 Move setting SELinux booleans to platform code; Set SELinux booleans when restoring
thierry bordaz
tbordaz at redhat.com
Wed Sep 24 16:02:24 UTC 2014
On 08/15/2014 10:40 PM, Petr Viktorin wrote:
> A fix for https://fedorahosted.org/freeipa/ticket/4157
>
> This depends on my patches 0631-0632 (for backup/restore integration
> tests).
>
>
> Our setsebool code was repeated a few times. Instead of adding another
> copy, I refactored what we have into a platform task.
> I fixed two old setsebool tickets while I was at it:
> https://fedorahosted.org/freeipa/ticket/2519
> https://fedorahosted.org/freeipa/ticket/2934
>
> Since ipaplatform should not depend on ipalib, and I needed a new
> exception type, I added a new module, ipapython.errors. This might not
> be the best name, since it could be confused with ipalib.errors.
> Opinions welcome.
>
>
> As for the second patch: ideally, rather than what I do with `if
> 'ADTRUST' in self.backup_services`, we'd get the list of booleans
> directly from the *instance modules, or even tell the individual
> services to restore themselves. But, that refactoring looks like too
> much to do now.
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
The first patch looks good to me. Just a minor comment. The test and run
of 'paths.SELINUXENABLED' is present several times in tasks.py and
fedora. Does it worth to refactor it ?
About the second patch, something I do not understand.
restore_selinux_booleans resets the selinux boolean to the values that
are taken from SELINUX_BOOLEAN_SETTINGS in the instance (http/ad) . Does
that mean this dict has been updated with the original values (using
'backup_func' in set_selinux_booleans ?).
thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140924/4ced4a51/attachment.htm>
More information about the Freeipa-devel
mailing list