summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2015-07-17 16:12:07 +0200
committerMartin Basti <mbasti@redhat.com>2015-07-29 16:44:13 +0200
commit45c709112da1514d57db46f9706bc03920574adf (patch)
treeb9b7647cdee887b2889231e851331b26257881a7
parenta2ba9373070b19c158be8be78f7fbeee5ccab081 (diff)
downloadfreeipa-45c709112da1514d57db46f9706bc03920574adf.zip
freeipa-45c709112da1514d57db46f9706bc03920574adf.tar.gz
freeipa-45c709112da1514d57db46f9706bc03920574adf.tar.xz
Use 'mv -Z' in specfile to restore SELinux context
There might be AVC denial between moving file and restoring context. Using 'mv -Z' will solve this issue. https://fedorahosted.org/freeipa/ticket/4923 Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r--freeipa.spec.in9
1 files changed, 3 insertions, 6 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 649af3c..0bb92f1 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -631,16 +631,14 @@ if [ $1 -gt 1 ] ; then
if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
- mv /etc/krb5.conf.ipanew /etc/krb5.conf
- /sbin/restorecon /etc/krb5.conf
+ mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
fi
fi
if [ -f '/etc/sysconfig/ntpd' -a $restore -ge 2 ]; then
if grep -E -q 'OPTIONS=.*-u ntp:ntp' /etc/sysconfig/ntpd 2>/dev/null; then
sed -r '/OPTIONS=/ { s/\s+-u ntp:ntp\s+/ /; s/\s*-u ntp:ntp\s*// }' /etc/sysconfig/ntpd >/etc/sysconfig/ntpd.ipanew
- mv /etc/sysconfig/ntpd.ipanew /etc/sysconfig/ntpd
- /sbin/restorecon /etc/sysconfig/ntpd
+ mv -Z /etc/sysconfig/ntpd.ipanew /etc/sysconfig/ntpd
/bin/systemctl condrestart ntpd.service 2>&1 || :
fi
@@ -686,8 +684,7 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
' /etc/ssh/sshd_config.ipanew
fi
- mv /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
- /sbin/restorecon /etc/ssh/sshd_config
+ mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
/bin/systemctl condrestart sshd.service 2>&1 || :