[Freeipa-devel] [PATCH 0286, 0290] Sysrestore: copy files instead of moving them to avoid SELinux issues

Martin Basti mbasti at redhat.com
Fri Jul 17 14:33:40 UTC 2015


On 17/07/15 13:57, Petr Vobornik wrote:
> On 07/17/2015 01:46 PM, Petr Vobornik wrote:
>> On 07/17/2015 01:44 PM, Alexander Bokovoy wrote:
>>> On Fri, 17 Jul 2015, Martin Basti wrote:
>>>> From b05f4a2e17ae00e5c20e5eb7bd046472f100e0ad Mon Sep 17 00:00:00 2001
>>>> From: Martin Basti <mbasti at redhat.com>
>>>> Date: Wed, 15 Jul 2015 16:20:59 +0200
>>>> Subject: [PATCH] sysrestore: copy files instead of moving them to avoid
>>>> SELinux issues
>>>
>>> ACK.
>>>
>>
>> Pushed to:
>> master: 9f701283534745bf93b41a1886183e9ef1d06566
>> ipa-4-2: 92a73e8b2a5f26744b036a36de4b9956e8883f61
>
> Does it really fix the whole ticket?
>
> There is also in freeipa.spec.in %post client (i.e. upgrade):
>
>             cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
>             mv /etc/krb5.conf.ipanew /etc/krb5.conf
>             /sbin/restorecon /etc/krb5.conf
>
> + some others.
>
> Between the mv and restorecon, SSSD tries to access the file and 
> raises AVC.
>
> In this case we can freely use mv -z since target platforms are Fedora 
> and newest RHEL.

The new patch fixing the specfile is attached.

-- 
Martin Basti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0290-Use-mv-Z-in-specfile-to-restore-SELinux-context.patch
Type: text/x-patch
Size: 2058 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150717/92549ed8/attachment.bin>
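
The mechanism discussed in this thread, as an added example that is not part of the original messages or of FreeIPA's code: a rename keeps the source inode, so its `security.selinux` label travels with the file until something relabels it, while a copy writes into the target's own inode. The helper names (`selinux_label`, `restore`, `demo`) and file names are hypothetical, and the sample files are constructed in a temporary directory.

```python
import os
import shutil
import tempfile


def selinux_label(path):
    """Return the security.selinux xattr, or None where labels are unavailable."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):
        return None


def restore(backup, target, method):
    """Restore `backup` over `target`; report which inode ends up at `target`."""
    backup_ino = os.stat(backup).st_ino
    old_target_ino = os.stat(target).st_ino if os.path.exists(target) else None
    if method == "move":
        # rename(2): the backup inode, label included, becomes the target.
        shutil.move(backup, target)
    else:
        # copy: data lands in the target's own inode; the backup label stays behind.
        shutil.copy(backup, target)
        os.remove(backup)
    ino = os.stat(target).st_ino
    return {
        "carries_backup_inode": ino == backup_ino,
        "kept_target_inode": ino == old_target_ino,
        "label": selinux_label(target),
    }


def demo():
    """Run both methods on constructed files inside one temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for method in ("move", "copy"):
            backup = os.path.join(tmp, "backup-" + method)
            target = os.path.join(tmp, "krb5.conf-" + method)
            with open(backup, "w") as f:
                f.write("[libdefaults]\n")  # constructed sample content
            with open(target, "w") as f:
                f.write("# placeholder\n")
            results[method] = restore(backup, target, method)
    return results


if __name__ == "__main__":
    for method, result in demo().items():
        print(method, result)
```

On a host without SELinux the `label` field is `None`; the inode fields still show which file object ends up at the target path.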

