diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-04-03 10:47:40 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-03 18:21:09 -0400 |
commit | 56196b28085b346b86b43662a1ba7fdaf7a2454b (patch) | |
tree | d2f829368da0afef95a53d38f0e5be2ae29970fb /ipaserver | |
parent | 241955e4ce34f491168237f5a06bcb98daf22a5a (diff) | |
download | freeipa.git-56196b28085b346b86b43662a1ba7fdaf7a2454b.tar.gz freeipa.git-56196b28085b346b86b43662a1ba7fdaf7a2454b.tar.xz freeipa.git-56196b28085b346b86b43662a1ba7fdaf7a2454b.zip |
Configure SELinux for httpd during upgrades
SELinux configuration for httpd instance was set for new
installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x
upgrade) missed the configuration. This lead to AVCs when httpd
tries to contact ipa_memcached and user not being able to log in.
This patch updates ipa-upgradeconfig to configure SELinux
in the same way as ipa-server-install does.
https://fedorahosted.org/freeipa/ticket/2603
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/httpinstance.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index e46d4ed5..0a09c26f 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -86,7 +86,7 @@ class HTTPInstance(service.Service): self.step("publish CA cert", self.__publish_ca_cert) self.step("creating a keytab for httpd", self.__create_http_keytab) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) - self.step("configuring SELinux for httpd", self.__selinux_config) + self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) self.step("restarting httpd", self.__start) self.step("configuring httpd to start on boot", self.__enable) @@ -103,7 +103,7 @@ class HTTPInstance(service.Service): # components as found in our LDAP configuration tree self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix) - def __selinux_config(self): + def configure_selinux_for_httpd(self): selinux = False try: if (os.path.exists('/usr/sbin/selinuxenabled')): |