summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--install/conf/ipa.conf6
-rwxr-xr-xinstall/tools/ipa-server-install4
-rw-r--r--ipa.spec.in8
-rw-r--r--selinux/Makefile5
-rw-r--r--selinux/ipa_httpd/ipa_httpd.fc5
-rw-r--r--selinux/ipa_httpd/ipa_httpd.te2
6 files changed, 18 insertions, 12 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index b23fc02..81a6bc6 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -39,7 +39,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
PythonInterpreter main_interpreter
PythonHandler ipaserver::xmlrpc
PythonDebug Off
- PythonOption IPADebug Off
PythonOption SCRIPT_NAME /ipa/xml
PythonAutoReload Off
</Location>
@@ -49,7 +48,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
PythonInterpreter main_interpreter
PythonHandler ipaserver::jsonrpc
PythonDebug Off
- PythonOption IPADebug Off
PythonOption SCRIPT_NAME /ipa/json
PythonAutoReload Off
</Location>
@@ -59,7 +57,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
PythonInterpreter main_interpreter
PythonHandler ipaserver::webui
PythonDebug Off
- PythonOption IPADebug Off
PythonOption SCRIPT_NAME /ipa/ui
PythonAutoReload Off
</Location>
@@ -68,7 +65,8 @@ Alias /ipa-assets/ "/var/cache/ipa/assets/"
<Directory "/var/cache/ipa/assets">
Allow from all
AllowOverride None
- Options Indexes FollowSymLinks
+ # add Indexes to Options to allow browsing
+ Options FollowSymLinks
ExpiresActive On
ExpiresDefault A31536000
</Directory>
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 462db64..a2e9c7a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -674,7 +674,8 @@ def main():
krb = krbinstance.KrbInstance(fstore)
krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
- # Render webui assets:
+ # Render webui assets:
+ ipautil.run(["/sbin/restorecon", ASSETS_DIR])
render_assets()
# Create a HTTP instance
@@ -691,6 +692,7 @@ def main():
os.remove(pw_name)
else:
http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca)
+ ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
# Create the config file
fstore.backup_file("/etc/ipa/ipa.conf")
diff --git a/ipa.spec.in b/ipa.spec.in
index 5c070b1..ce2c0a6 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -319,7 +319,7 @@ if [ -s /etc/selinux/config ]; then
fi
%post server-selinux
-semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp /usr/share/selinux/targeted/ipa_kpasswd.pp /usr/share/selinux/targeted/ipa_httpd.pp
+semodule -s targeted -i /usr/share/selinux/targeted/ipa_kpasswd.pp /usr/share/selinux/targeted/ipa_httpd.pp
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
@@ -341,7 +341,7 @@ fi
%postun server-selinux
if [ $1 = 0 ]; then
-semodule -s targeted -r ipa_webgui ipa_kpasswd ipa_httpd
+semodule -s targeted -r ipa_kpasswd ipa_httpd
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
@@ -409,7 +409,6 @@ fi
%{_mandir}/man1/ipa-ldap-updater.1.gz
%files server-selinux
-%{_usr}/share/selinux/targeted/ipa_webgui.pp
%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
%{_usr}/share/selinux/targeted/ipa_httpd.pp
%endif
@@ -474,6 +473,9 @@ fi
%endif
%changelog
+* Tue Nov 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-9
+- Remove ipa_webgui, its functions rolled into ipa_httpd
+
* Mon Oct 12 2009 Jason Gerard DeRose <jderose@redhat.com> - 1.99-8
- Removed python-cherrypy from BuildRequires and Requires
- Added Requires python-assets, python-wehjit
diff --git a/selinux/Makefile b/selinux/Makefile
index 9c2ed09..6780a8b 100644
--- a/selinux/Makefile
+++ b/selinux/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = ipa_webgui ipa_kpasswd ipa_httpd
+SUBDIRS = ipa_kpasswd ipa_httpd
POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile
POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted
@@ -21,9 +21,8 @@ maintainer-clean: distclean
install: all
install -d $(POLICY_DIR)
- install -m 644 ipa_webgui/ipa_webgui.pp $(POLICY_DIR)
install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR)
install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR)
load:
- /usr/sbin/semodule -i ipa_webgui/ipa_webgui.pp ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp
+ /usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp
diff --git a/selinux/ipa_httpd/ipa_httpd.fc b/selinux/ipa_httpd/ipa_httpd.fc
new file mode 100644
index 0000000..b2c6c1a
--- /dev/null
+++ b/selinux/ipa_httpd/ipa_httpd.fc
@@ -0,0 +1,5 @@
+#
+# /var
+#
+/var/cache/ipa/sessions(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+/var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index 29112ba..e5cec85 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -1,4 +1,4 @@
-module ipa_httpd 1.0;
+module ipa_httpd 1.1;
require {
type httpd_t;