Commit Graph

5 Commits

Author SHA1 Message Date
Alexander Bokovoy
5f5010dd71 Update SELinux execmem workaround
dcerpc crypto changes were merged upstream
2016-09-01 17:05:35 +03:00
Petr Vobornik
a76abac86e Fix typo in SELinux 'execmem' denials fix
According to https://fedorahosted.org/freeipa/ticket/5442#comment:7
2016-07-22 18:06:47 +02:00
Petr Vobornik
1e163887b2 Rebase 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch 2016-03-24 16:43:12 +01:00
Petr Vobornik
b2442d51ba Workarounds for SELinux execmem violations in crypto 2015-12-18 17:48:36 +01:00
Petr Vobornik
a33b200323 Workarounds for SELinux execmem violations in cryptography
ipaserver.dcerpc uses M2Crypto again on Python 2.7 and Dogtag's
pki.client no longer tries to use PyOpenSSL instead of Python's ssl
module.

Some dependencies like Dogtag's pki.client library and custodia use
python-requests to make HTTPS connections. python-requests prefers
PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is built on top
of python-cryptography, which triggers an execmem SELinux violation
in the context of Apache HTTPD (httpd_execmem).
When requests is imported, it always tries to import pyopenssl glue
code from urllib3's contrib directory. The import of PyOpenSSL is
enough to trigger the SELinux denial.
A hack in wsgi.py prevents the import by raising an ImportError.
2015-12-08 21:28:39 +01:00
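
The last commit message above describes blocking an optional import so that a library falls back to the stdlib ssl module. The following is an added example, not FreeIPA's wsgi.py code; the helper names and the use of a None entry in sys.modules are assumptions, since the page does not show how the hack raises the ImportError.

```python
import importlib
import sys


def block_import(package):
    """Make every later import of `package` or its submodules raise ImportError."""
    # Forget anything already loaded so a cached submodule cannot be reused.
    for name in list(sys.modules):
        if name == package or name.startswith(package + "."):
            del sys.modules[name]
    # A None entry tells the import system to fail immediately, so the
    # package's native extension code is never loaded into the process.
    sys.modules[package] = None


def pick_tls_backend():
    """Constructed stand-in for the optional-import pattern in the commit:
    try the PyOpenSSL glue first, fall back to the stdlib ssl module."""
    try:
        importlib.import_module("OpenSSL.SSL")
    except ImportError:
        return "stdlib-ssl"
    return "pyopenssl"


def is_loaded(package):
    """True if `package` or any submodule is really present in sys.modules."""
    prefix = package + "."
    return any(
        mod is not None and (name == package or name.startswith(prefix))
        for name, mod in sys.modules.items()
    )


if __name__ == "__main__":
    # Must run before anything imports requests/urllib3, e.g. at the very
    # top of the WSGI entry point.
    block_import("OpenSSL")
    print("TLS backend:", pick_tls_backend())
    print("OpenSSL loaded:", is_loaded("OpenSSL"))
```

The block has to run before the first import of requests in the worker process; checking is_loaded afterwards confirms that the SELinux-relevant code path was never reached.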