authorChristian Heimes <cheimes@redhat.com>2017-02-27 15:12:39 +0100
committerMartin Basti <mbasti@redhat.com>2017-03-01 13:42:01 +0100
commita163ad77b3d12f2da2b135de29f594c06190b41a (patch)
tree466a01e4a970af253d884dcc4fcaa520d51bd488
parent5055b34cefd6e3f9b707aed076a49ae97b38aa3c (diff)
certdb: Don't restore_context() of new NSSDB
It's not necessary to restore the context of newly created files. SELinux ensures that new files have the correct permission. An explicit restore_context() is only required when either policies have changed or the context was changed manually. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r--ipapython/certdb.py6
1 files changed, 1 insertions, 5 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index b22c3c1ad..5389e6344 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -29,7 +29,6 @@ from cryptography.hazmat.primitives import serialization
from nss import nss
from nss.error import NSPRError
-from ipaplatform.tasks import tasks
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil
@@ -158,18 +157,15 @@ class NSSDatabase(object):
# Finally fix up perms
os.chown(self.secdir, uid, gid)
os.chmod(self.secdir, dirmode)
- tasks.restore_context(self.secdir)
for filename in NSS_FILES:
path = os.path.join(self.secdir, filename)
if os.path.exists(path):
- if uid != -1 or gid != -1:
- os.chown(path, uid, gid)
+ os.chown(path, uid, gid)
if path == self.pwd_file:
new_mode = pwdfilemode
else:
new_mode = filemode
os.chmod(path, new_mode)
- tasks.restore_context(path)
def list_certs(self):
"""Return nicknames and cert flags for all certs in the database