From df17e42216f5efbda37df524a15de427b47ec34d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 28 Aug 2009 18:01:02 -0400 Subject: Many SELinux fixes: ldapi, ctypes and dogtag ldapi: grants httpd and krb5kdc to access the DS ldapi socket ctypes: the Python uuid module includes ctypes which makes httpd segfault due to SELinux problems. dogtag: remove the CRL publishing permissions. This only worked if you had dogtag installed. In the near future will publish elsewhere so for the time being CRL file publishing will be broken with SELinux enabled. --- ipalib/ipauuid.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ipalib/ipauuid.py') diff --git a/ipalib/ipauuid.py b/ipalib/ipauuid.py index 9923dc7a..19b8415f 100644 --- a/ipalib/ipauuid.py +++ b/ipalib/ipauuid.py @@ -1,5 +1,9 @@ # This is a backport of the Python2.5 uuid module. +# IMPORTANT NOTE: All references to ctypes are commented out because +# ctypes does all sorts of strange things that makes +# it not work in httpd with SELinux enabled. + r"""UUID objects (universally unique identifiers) according to RFC 4122. This module provides immutable UUID objects (class UUID) and the functions @@ -356,6 +360,7 @@ def _ipconfig_getnode(): """Get the hardware address on Windows by running ipconfig.exe.""" import os, re dirs = ['', r'c:\windows\system32', r'c:\winnt\system32'] + """ try: import ctypes buffer = ctypes.create_string_buffer(300) @@ -363,6 +368,7 @@ def _ipconfig_getnode(): dirs.insert(0, buffer.value.decode('mbcs')) except: pass + """ for dir in dirs: try: pipe = os.popen(os.path.join(dir, 'ipconfig') + ' /all') @@ -406,6 +412,7 @@ def _netbios_getnode(): # If ctypes is available, use it to find system routines for UUID generation. _uuid_generate_random = _uuid_generate_time = _UuidCreate = None +""" try: import ctypes, ctypes.util _buffer = ctypes.create_string_buffer(16) @@ -438,6 +445,7 @@ try: getattr(lib, 'UuidCreate', None)) except: pass +""" def _unixdll_getnode(): """Get the hardware address on Unix using ctypes.""" -- cgit