diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-04-03 10:47:40 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-03 18:20:51 -0400 |
commit | 17a0738d2d352f9c3d73167b3fb22cd566fd98d4 (patch) | |
tree | c446f264ef2b4196d20459c2dfafe172ef98a5a4 /ipaserver | |
parent | 8a7d7aaf810503befc174ce0465a08d086e47b91 (diff) | |
download | freeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.tar.gz freeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.tar.xz freeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.zip |
Configure SELinux for httpd during upgrades
SELinux configuration for httpd instance was set for new
installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x
upgrade) missed the configuration. This lead to AVCs when httpd
tries to contact ipa_memcached and user not being able to log in.
This patch updates ipa-upgradeconfig to configure SELinux
in the same way as ipa-server-install does.
https://fedorahosted.org/freeipa/ticket/2603
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/httpinstance.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index e46d4ed5a..0a09c26f2 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -86,7 +86,7 @@ class HTTPInstance(service.Service): self.step("publish CA cert", self.__publish_ca_cert) self.step("creating a keytab for httpd", self.__create_http_keytab) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) - self.step("configuring SELinux for httpd", self.__selinux_config) + self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) self.step("restarting httpd", self.__start) self.step("configuring httpd to start on boot", self.__enable) @@ -103,7 +103,7 @@ class HTTPInstance(service.Service): # components as found in our LDAP configuration tree self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix) - def __selinux_config(self): + def configure_selinux_for_httpd(self): selinux = False try: if (os.path.exists('/usr/sbin/selinuxenabled')): |