summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2012-04-03 10:47:40 +0200
committerRob Crittenden <rcritten@redhat.com>2012-04-03 18:20:51 -0400
commit17a0738d2d352f9c3d73167b3fb22cd566fd98d4 (patch)
treec446f264ef2b4196d20459c2dfafe172ef98a5a4 /ipaserver
parent8a7d7aaf810503befc174ce0465a08d086e47b91 (diff)
downloadfreeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.tar.gz
freeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.tar.xz
freeipa-17a0738d2d352f9c3d73167b3fb22cd566fd98d4.zip
Configure SELinux for httpd during upgrades
SELinux configuration for httpd instance was set for new installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x upgrade) missed the configuration. This lead to AVCs when httpd tries to contact ipa_memcached and user not being able to log in. This patch updates ipa-upgradeconfig to configure SELinux in the same way as ipa-server-install does. https://fedorahosted.org/freeipa/ticket/2603
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/httpinstance.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index e46d4ed5a..0a09c26f2 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -86,7 +86,7 @@ class HTTPInstance(service.Service):
self.step("publish CA cert", self.__publish_ca_cert)
self.step("creating a keytab for httpd", self.__create_http_keytab)
self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
- self.step("configuring SELinux for httpd", self.__selinux_config)
+ self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
@@ -103,7 +103,7 @@ class HTTPInstance(service.Service):
# components as found in our LDAP configuration tree
self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix)
- def __selinux_config(self):
+ def configure_selinux_for_httpd(self):
selinux = False
try:
if (os.path.exists('/usr/sbin/selinuxenabled')):