[Freeipa-devel] [PATCHES] 0633-0634 Move setting SELinux booleans to platform code; Set SELinux booleans when restoring

[thierry bordaz]

On 08/15/2014 10:40 PM, Petr Viktorin wrote:
> A fix for https://fedorahosted.org/freeipa/ticket/4157
>
> This depends on my patches 0631-0632 (for backup/restore integration 
> tests).
>
>
> Our setsebool code was repeated a few times. Instead of adding another 
> copy, I refactored what we have into a platform task.
> I fixed two old setsebool tickets while I was at it:
>     https://fedorahosted.org/freeipa/ticket/2519
>     https://fedorahosted.org/freeipa/ticket/2934
>
> Since ipaplatform should not depend on ipalib, and I needed a new 
> exception type, I added a new module, ipapython.errors. This might not 
> be the best name, since it could be confused with ipalib.errors. 
> Opinions welcome.
>
>
> As for the second patch: ideally, rather than what I do with `if 
> 'ADTRUST' in self.backup_services`, we'd get the list of booleans 
> directly from the *instance modules, or even tell the individual 
> services to restore themselves. But, that refactoring looks like too 
> much to do now.
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

The first patch looks good to me. Just a minor comment. The test and run 
of 'paths.SELINUXENABLED' is present several times in tasks.py and 
fedora. Does it worth to refactor it ?

About the second patch, something I do not understand. 
restore_selinux_booleans resets the selinux boolean to the values that 
are taken from SELINUX_BOOLEAN_SETTINGS in the instance (http/ad) . Does 
that mean this dict has been updated with the original values (using 
'backup_func' in set_selinux_booleans ?).


thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140924/4ced4a51/attachment.htm>