From df17e42216f5efbda37df524a15de427b47ec34d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 28 Aug 2009 18:01:02 -0400
Subject: Many SELinux fixes: ldapi, ctypes and dogtag

ldapi: grants httpd and krb5kdc to access the DS ldapi socket

ctypes: the Python uuid module includes ctypes which makes httpd segfault
due to SELinux problems.

dogtag: remove the CRL publishing permissions. This only worked if you
had dogtag installed. In the near future will publish elsewhere so for
the time being CRL file publishing will be broken with SELinux enabled.
---
 ipalib/__init__.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'ipalib/__init__.py')

diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index b21c30384..844f5b468 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -873,10 +873,9 @@ from parameters import DefaultFrom, Bool, Flag, Int, Float, Bytes, Str, Password
 from parameters import BytesEnum, StrEnum
 from errors import SkipPluginModule
 
-try:
-    import uuid
-except ImportError:
-    import ipauuid as uuid
+# We can't import the python uuid since it includes ctypes which makes
+# httpd throw up when run in in mod_python due to SELinux issues
+import ipauuid as uuid
 
 
 version_info = (2, 0, 0, 'alpha', 0)
-- 
cgit