From da58b0cc75ffd59e34729d3caedaa715d8dd2584 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 3 Nov 2009 15:26:00 -0500
Subject: Add SELinux policy for UI assets

This also removes the Index option of /ipa-assets as well as the
deprecated IPADebug option.

No need to build or install ipa_webgui anymore. Leaving in the code
for reference purposes for now.
---
 install/conf/ipa.conf            | 6 ++----
 install/tools/ipa-server-install | 4 +++-
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'install')

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index b23fc025..81a6bc69 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -39,7 +39,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::xmlrpc
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/xml
   PythonAutoReload Off
 </Location>
@@ -49,7 +48,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::jsonrpc
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/json
   PythonAutoReload Off
 </Location>
@@ -59,7 +57,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::webui
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/ui
   PythonAutoReload Off
 </Location>
@@ -68,7 +65,8 @@ Alias /ipa-assets/ "/var/cache/ipa/assets/"
 <Directory "/var/cache/ipa/assets">
   Allow from all
   AllowOverride None
-  Options Indexes FollowSymLinks
+  # add Indexes to Options to allow browsing
+  Options FollowSymLinks
   ExpiresActive On
   ExpiresDefault A31536000
 </Directory>
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 462db64e..a2e9c7a3 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -674,7 +674,8 @@ def main():
     krb = krbinstance.KrbInstance(fstore)
     krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
 
-   # Render webui assets:
+    # Render webui assets:
+    ipautil.run(["/sbin/restorecon", ASSETS_DIR])
     render_assets()
 
     # Create a HTTP instance
@@ -691,6 +692,7 @@ def main():
         os.remove(pw_name)
     else:
         http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca)
+    ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
 
     # Create the config file
     fstore.backup_file("/etc/ipa/ipa.conf")
-- 
cgit