From 17a0738d2d352f9c3d73167b3fb22cd566fd98d4 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 3 Apr 2012 10:47:40 +0200 Subject: Configure SELinux for httpd during upgrades SELinux configuration for httpd instance was set for new installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x upgrade) missed the configuration. This lead to AVCs when httpd tries to contact ipa_memcached and user not being able to log in. This patch updates ipa-upgradeconfig to configure SELinux in the same way as ipa-server-install does. https://fedorahosted.org/freeipa/ticket/2603 --- ipaserver/install/httpinstance.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ipaserver/install/httpinstance.py') diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index e46d4ed5a..0a09c26f2 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -86,7 +86,7 @@ class HTTPInstance(service.Service): self.step("publish CA cert", self.__publish_ca_cert) self.step("creating a keytab for httpd", self.__create_http_keytab) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) - self.step("configuring SELinux for httpd", self.__selinux_config) + self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) self.step("restarting httpd", self.__start) self.step("configuring httpd to start on boot", self.__enable) @@ -103,7 +103,7 @@ class HTTPInstance(service.Service): # components as found in our LDAP configuration tree self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix) - def __selinux_config(self): + def configure_selinux_for_httpd(self): selinux = False try: if (os.path.exists('/usr/sbin/selinuxenabled')): -- cgit