[Freeipa-devel] [PATCH 0286, 0290] Sysrestore: copy files instead of moving them to avoid SELinux issues

Martin Basti mbasti at redhat.com
Wed Jul 29 14:49:04 UTC 2015


On 29/07/15 09:02, David Kupka wrote:
> On 17/07/15 16:33, Martin Basti wrote:
>> On 17/07/15 13:57, Petr Vobornik wrote:
>>> On 07/17/2015 01:46 PM, Petr Vobornik wrote:
>>>> On 07/17/2015 01:44 PM, Alexander Bokovoy wrote:
>>>>> On Fri, 17 Jul 2015, Martin Basti wrote:
>>>>>> From b05f4a2e17ae00e5c20e5eb7bd046472f100e0ad Mon Sep 17 00:00:00 
>>>>>> 2001
>>>>>> From: Martin Basti <mbasti at redhat.com>
>>>>>> Date: Wed, 15 Jul 2015 16:20:59 +0200
>>>>>> Subject: [PATCH] sysrestore: copy files instead of moving them to
>>>>>> avoind
>>>>>> SELinux issues
>>>>>
>>>>> ACK.
>>>>>
>>>>
>>>> Pushed to:
>>>> master: 9f701283534745bf93b41a1886183e9ef1d06566
>>>> ipa-4-2: 92a73e8b2a5f26744b036a36de4b9956e8883f61
>>>
>>> Does it really fix the whole ticket?
>>>
>>> There is also in freeipa.spec.in %post client (i.e. upgrade):
>>>
>>>             cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
>>>             mv /etc/krb5.conf.ipanew /etc/krb5.conf
>>>             /sbin/restorecon /etc/krb5.conf
>>>
>>> + some others.
>>>
>>> Between the mv and restorecon, SSSD tries to access the file and
>>> raises AVC.
>>>
>>> In this case we can freely use mv -z since target platforms are Fedora
>>> and newest RHEL.
>>
>> The new patch fixing specfile attached.
>>
>>
>>
> Works for me, ACK.
>
Pushed to:
master: 45c709112da1514d57db46f9706bc03920574adf
ipa-4-2: 21d31224780d4e1e5e4371f12c5ebae6b4aca54f


-- 
Martin Basti




More information about the Freeipa-devel mailing list