On Tue, Aug 25, 2015 at 02:18:29PM +0200, Jan Cholasta wrote: > Hi, > > the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5256>. > > Honza > > -- > Jan Cholasta
> From 216be8de30747f80f490d4e91a7cca4af3e767d6 Mon Sep 17 00:00:00 2001 > From: Jan Cholasta <jchol...@redhat.com> > Date: Tue, 25 Aug 2015 14:14:25 +0200 > Subject: [PATCH] spec file: Add Requires(pre) on selinux-policy > > This prevents ipa-server-upgrade failures on SELinux AVCs because of old > selinux-policy version. > > https://fedorahosted.org/freeipa/ticket/5256 > --- > freeipa.spec.in | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/freeipa.spec.in b/freeipa.spec.in > index cba91fe..fd73cda 100644 > --- a/freeipa.spec.in > +++ b/freeipa.spec.in > @@ -139,6 +139,7 @@ Requires: systemd-units >= 38 > Requires(pre): shadow-utils > Requires(pre): systemd-units > Requires(post): systemd-units > +Requires(pre): selinux-policy >= %{selinux_policy_version} What is the core issue with https://fedorahosted.org/freeipa/ticket/5256 ? I undestand that we need new selinux-policy, but what does that policy change? I ask because if it's about labelling of files installed by rpm, the (pre) might not help because rpm did not reload the file contexts mid-transaction https://bugzilla.redhat.com/show_bug.cgi?id=505066#c9 and I'm not sure things have changed since RHEL 5. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code